Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Building a Resilient Logging Pipeline: Windows Event Collection Tips and Tricks for When You Are Serious About Log Collection
Real Life Ethical Hack of a Power Station: Inside the mind of a Hacker on how to Successfully Break in and the Lessons Learned
Top 4 Most Dangerous Applications on Every Endpoint; Fighting Back with Detective and Preventive Controls
Threat Detection and Hunting for 5 of the Most Common MITRE ATT&CK Techniques: Connection Proxy, Service Execution, Exfiltration, Masquerading, Drive-by Compromise

Webinar Library

Latest Blogs

Active Directory security features you probably aren’t using and more in my sessions at The Experts Conference 2019

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Top Resources

Security Log

Additional Resources

May, 2019: Patch Tuesday: Active Attacks and RDP Vulnerability

Welcome to this May Patch Tuesday Bulletin. This month there are 80 unique Microsoft related CVE’s, 1 public and exploited, 1 publicly disclosed, and 17 technologies affected. The most pressing issue this month is CVE-2019-0863 affecting Windows. This is an elevation of privilege vulnerability caused by the way Windows Error Reporting handles files. An attacker would have to be able to run code on the system as a standard user in order to exploit this vulnerability. CVE-2019-0932 is an interesting information disclosure vulnerability that affects Skype for Android. An attacker could listen to a conversation by calling an android phone with Skype without the users knowledge. CVE-2019-0708 does has not been disclosed or exploited but could be very impactful to organizations if it were to be exploited. This vulnerability could be exploited remotely using RDP. Let’s hope, just after the 2 year anniversary of the WannaCry ransomware outbreak, that we do not have a WannaCry 2 outbreak.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited	Vulnerability Info
Adobe	Flash Player 32.0.0.171 and earlier	Critical	ADV190012	Workaround: No *Public: No Exploited: No	Remote Code Execution
Windows	Windows 7, 8.1, RT 8.1, 10 Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019	Critical	CVE-2019-0707 CVE-2019-0708 CVE-2019-0725 CVE-2019-0727 CVE-2019-0733 CVE-2019-0734 CVE-2019-0758 CVE-2019-0863 CVE-2019-0881 CVE-2019-0882 CVE-2019-0885 CVE-2019-0886 CVE-2019-0889 CVE-2019-0890 CVE-2019-0891 CVE-2019-0892 CVE-2019-0893 CVE-2019-0894 CVE-2019-0895 CVE-2019-0896 CVE-2019-0897 CVE-2019-0898 CVE-2019-0899 CVE-2019-0900 CVE-2019-0901 CVE-2019-0902 CVE-2019-0903 CVE-2019-0931 CVE-2019-0936 CVE-2019-0942 CVE-2019-0961	Workaround: No *Public: Yes Exploited: Yes	Elevation of Privilege, Security Feature Bypass, Information Disclosure, Remote Code Execution
Internet Explorer	IE 9, 10, 11	Critical	CVE-2019-0884 CVE-2019-0911 CVE-2019-0918 CVE-2019-0921 CVE-2019-0929 CVE-2019-0930 CVE-2019-0940 CVE-2019-0995	Workaround: No *Public: No Exploited: No	Spoofing, Information Disclosure, Remote Code Execution, Security Feature Bypass
Edge	Edge	Critical	CVE-2019-0884 CVE-2019-0911 CVE-2019-0912 CVE-2019-0913 CVE-2019-0914 CVE-2019-0915 CVE-2019-0916 CVE-2019-0917 CVE-2019-0922 CVE-2019-0923 CVE-2019-0924 CVE-2019-0925 CVE-2019-0926 CVE-2019-0927 CVE-2019-0933 CVE-2019-0937 CVE-2019-0938 CVE-2019-0940	Workaround: No *Public: No Exploited: No	Remote Code Execution, Elevation of Privilege
Office, Office Services, and Web Apps	Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac SharePoint Enterprise 2016, Foundation 2010, Foundation 2013, 2019 Word 2016 Office 365	Critical	CVE-2019-0945 CVE-2019-0946 CVE-2019-0947 CVE-2019-0949 CVE-2019-0950 CVE-2019-0951 CVE-2019-0952 CVE-2019-0953 CVE-2019-0956 CVE-2019-0957 CVE-2019-0958 CVE-2019-0963	Workaround: No *Public: No Exploited: No	Information Disclosure, Remote Code Execution, Spoofing, Elevation of Privilege
Team Foundation Server	2015 U 4.2, 2017 U 3.1, 2018 U 1.2, 2018 U 3.2	Important	CVE-2019-0872 CVE-2019-0971 CVE-2019-0979	Workaround: No *Public: No Exploited: No	Spoofing, Information Disclosure
Visual Studio	2015, 2017, 2019	Important	CVE-2019-0727	Workaround: No *Public: No Exploited: No	Elevation of Privilege
Azure DevOps Server	Server 2019	Important	CVE-2019-0872 CVE-2019-0971 CVE-2019-0979	Workaround: No *Public: No Exploited: No	Spoofing, Information Disclosure
SQL Server	Server 2018	Important	CVE-2019-0819	Workaround: No *Public: No Exploited: No	Information Disclosure
.NET Framework	.NET 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8	Important	CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 CVE-2019-0864	Workaround: No *Public: No Exploited: No	Denial of Service
.NET Core	Core 1.0, 1.1, 2.1, 2.2	Important	CVE-2019-0820 CVE-2019-0980 CVE-2019-0981	Workaround: No *Public: No Exploited: No	Denial of Service
ASP.NET Core	Core 2.1, 2.2	Important	CVE-2019-0982	Workaround: No *Public: No Exploited: No	Denial of Service
ChakraCore	ChakraCore	Critical	CVE-2019-0911 CVE-2019-0912 CVE-2019-0913 CVE-2019-0914 CVE-2019-0915 CVE-2019-0916 CVE-2019-0917 CVE-2019-0922 CVE-2019-0924 CVE-2019-0925 CVE-2019-0927 CVE-2019-0933 CVE-2019-0937	Workaround: No *Public: No Exploited: No	Remote Code Execution
Online Services	Online Server	Critical	CVE-2019-0953	Workaround: No *Public: No Exploited: No	Remote Code Execution
Azure	Azure Active Directory Connect	Important	CVE-2019-1000	Workaround: No *Public: No Exploited: No	Elevation of Privilege
NuGet	Nuget 5.0.2	Important	CVE-2019-0976	Workaround: No *Public: No Exploited: No	Tampering
Skype for Android	Sype 8.35	Important	CVE-2019-0932	Workaround: No *Public: Yes Exploited: No	Information Disclosure

Research security patch database

Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.

Home

User name:
Password:
	/ Forgot?
	Register

May 2019 Patch Tuesday	"Patch Tuesday: Active Attacks and RDP Vulnerability " - sponsored by LOGbinder

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2019 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.