CVE-2019-0863
Published: 2019-05-16
Priority: P1 · 80 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-05-03
Exploited in the wild
EPSS: 5.21% (91.5th percentile)
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
Affected
53 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
Detection & IOCs (extracted from sources)
- Alert on unexpected DACL modifications (SetFileSecurity calls) to sensitive system files (e.g., DLLs, EXEs, SYS files) originating from wermgr.exe, which may indicate exploitation of the race condition in UtilAddAccessToPath.
- Look for rapid, repeated deletion and recreation of files inside subdirectories of the WER ReportQueue, combined with hardlink creation. This is the bruteforce timing pattern used by the PoC exploit.
- Monitor for the presence or execution of AngryPolarBearBug.exe, the known PoC binary for CVE-2019-0863.
- The ReportQueue directory is intentionally world-writable by design, so file creation there is not inherently malicious. Detection must focus on the combination of junction/hardlink creation AND wermgr.exe DACL modification activity.
- The PoC notes that a large number of existing reports in the ReportArchive folder can interfere with exploit timing; defenders should be aware that a clean ReportQueue may indicate an attacker pre-staged the environment.
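The correlation these notes call for, sketched as an added example (not code from any of the sources cited on this page): a `wermgr.exe` DACL change on a DLL/EXE/SYS outside the queue is raised as medium on its own and as high when hardlink creation and delete/recreate churn in a ReportQueue subdirectory precede it. The normalized event schema (`host`, `ts`, `image`, `action`, `target`), the 60-second window, the five-cycle threshold and every sample event are constructed assumptions; map them to whatever your EDR or audit pipeline emits.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename, splitext  # Windows path rules on any OS

# Default WER queue location, lower-cased for comparison.
QUEUE = "c:\\programdata\\microsoft\\windows\\wer\\reportqueue\\"
SENSITIVE_EXT = {".dll", ".exe", ".sys"}
WINDOW = timedelta(seconds=60)  # assumed correlation window
CHURN_MIN = 5                   # assumed delete->recreate cycles counted as "rapid"

def in_queue_subdir(path):
    """True for files inside a subdirectory of ReportQueue (not the root itself)."""
    p = path.lower()
    return p.startswith(QUEUE) and "\\" in p[len(QUEUE):]

def is_suspect_dacl_change(ev):
    """wermgr.exe changing the DACL of a DLL/EXE/SYS that lives outside the queue."""
    return (ev["action"] == "dacl_change"
            and basename(ev["image"]).lower() == "wermgr.exe"
            and splitext(ev["target"])[1].lower() in SENSITIVE_EXT
            and not ev["target"].lower().startswith(QUEUE))

def recreate_cycles(events):
    """Count delete-then-create transitions on the same path (time-ordered input)."""
    last, cycles = {}, 0
    for ev in events:
        path = ev["target"].lower()
        if ev["action"] == "file_create" and last.get(path) == "file_delete":
            cycles += 1
        if ev["action"] in ("file_create", "file_delete"):
            last[path] = ev["action"]
    return cycles

def detect(events):
    """Return one alert per suspect DACL change, graded by ReportQueue corroboration."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)
    alerts = []
    for host, evs in by_host.items():
        for ev in filter(is_suspect_dacl_change, evs):
            prior = [e for e in evs
                     if timedelta(0) <= ev["ts"] - e["ts"] <= WINDOW
                     and in_queue_subdir(e["target"])]
            links = sum(e["action"] == "hardlink_create" for e in prior)
            cycles = recreate_cycles(prior)
            corroborated = links > 0 and cycles >= CHURN_MIN
            alerts.append({"host": host, "target": ev["target"],
                           "hardlinks": links, "recreate_cycles": cycles,
                           "severity": "high" if corroborated else "medium"})
    return alerts

def sample_events():
    """Constructed telemetry for three hosts; no value here comes from a real system."""
    t0 = datetime(2019, 5, 20, 10, 0, 0)
    report = QUEUE + "report_constructed\\Report.wer"
    tool, wermgr = "C:\\Users\\test\\tool.exe", "C:\\Windows\\System32\\wermgr.exe"

    def ev(host, sec, image, action, target):
        return {"host": host, "ts": t0 + timedelta(seconds=sec),
                "image": image, "action": action, "target": target}

    evs = [ev("HOST-A", 0, tool, "file_create", report)]
    for i in range(5):  # five delete/recreate cycles on the same queued file
        evs.append(ev("HOST-A", 1 + 2 * i, tool, "file_delete", report))
        evs.append(ev("HOST-A", 2 + 2 * i, tool, "file_create", report))
    evs += [
        ev("HOST-A", 11, tool, "hardlink_create", report),
        ev("HOST-A", 12, wermgr, "dacl_change", "C:\\Windows\\System32\\example.dll"),
        # HOST-B: ordinary WER activity confined to the world-writable queue
        ev("HOST-B", 0, tool, "file_create", report),
        ev("HOST-B", 1, wermgr, "dacl_change", report),
        # HOST-C: DACL change on a system file with no queue activity around it
        ev("HOST-C", 0, wermgr, "dacl_change", "C:\\Windows\\System32\\example.sys"),
    ]
    return evs

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

HOST-B produces no alert because file creation and ACL changes confined to the queue are expected WER behaviour.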
CVSS provenance
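| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |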
CISA
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
cisa·2021-11-03·CVSS 7.8
Affected: Microsoft Windows
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0863
Remediation Due Date: 2022-05-03
Microsoft
Windows Error Reporting Elevation of Privilege Vulnerability
vendor_msrc·2019-05-14·CVSS 7.8
Description: An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges.
To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system.
The security update addresses the vulnerability by correcting the way WER handles files.
Microsoft Windows: Microsoft Windows
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation De
GHSA
GHSA-2v97-h8v8-m3px: An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privi
ghsa_unreviewed·2022-05-24
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
VulnCheck
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
vulncheck·2019·CVSS 7.8
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2019-May; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
No detection rules found.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Unit42
Unit 42 Named Top Zero-Day Vulnerability Contributor by Microsoft
blogs_unit42·2019-09-04·CVSS 7.8
This piece was originally published August 16 on the Palo Alto Networks blog.
Palo Alto Networks is proud that Microsoft has recognized our Unit 42 global threat intelligence team with multiple awards for its contributions to vulnerability research, including first place for discovery of Zero Day vulnerabilities. Microsoft also recognized Unit 42 researchers Gal De Leon and Bar Lahav in its annual list of the Most Valuable Security Researchers.
Unit 42, which also won third place for “Vulnerability Top Contributor,” was the only research group to win in two categories at this year’s Microsoft Active Protections Program (MAPP) Contributing Partners awards.
“It’s an honor to be recognized by the MSRC team for responsibly disclosing these vulnerabilities to Microsoft and providing informat
Unit42
Unit 42 Named Top Zero-Day Vulnerability Contributor by Microsoft
blogs_unit42·2019-09-04·CVSS 7.8
## Unit 42 Named Top Zero-Day Vulnerability Contributor by Microsoft
John Harrison
Published: September 4, 2019
Securelist
IT threat evolution Q2 2019. Statistics
blogs_securelist·2019-08-19
Authors
- Victor Chebyshev
- Fedor Sinitsyn
- Denis Parinov
- Boris Larin
- Oleg Kupreev
- Evgeny Lopatin
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network,
- Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe.
- 217,843,293 unique URLs triggered Web Anti-Virus components.
- Attempted infections by malware designed to steal money via online access to bank accounts were
Unit42
Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863)
blogs_unit42·2019-07-02·CVSS 7.8
In December 2018, a hacker who goes by the alias ‘SandboxEscaper’ publicly disclosed a zero-day vulnerability in the Windows Error Reporting (WER) component. Digging deeper into her submission, I discovered another zero-day vulnerability, which could be abused to elevate system privileges. According to the Microsoft advisory, attackers exploited this bug as a zero-day in the wild until the patch was released in May 2019.
So how did this bug work exactly?
#### Microsoft WER Under the Hood
The Windows Error Reporting tool is a flexible event-based feedback infrastructure designed to gather information about hardware and software problems that Windows can detect, report the information to Microsoft, and provide users with any available solutions.
For example, if Windows encounters a syste
Unit42
Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863)
blogs_unit42·2019-07-02·CVSS 7.8
## Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863)
Gal De Leon
Published: July 2, 2019
Unit42
Unit 42 Discovers 10 New Microsoft Vulnerabilities
blogs_unit42·2019-06-20·CVSS 7.8
Palo Alto Networks Unit 42 threat researchers have discovered one new vulnerability addressed by the Microsoft Security Response Center (MSRC) as part of their June 2019 security update release, as well as nine additional vulnerabilities that were addressed in May 2019. The severity of the vulnerabilities discovered were all rated “Important.”
Palo Alto Networks customers who deploy our Next-Generation Security Platform according to best practices and have a Threat Prevention Subscription are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Traps’ multi-layered exploit prevention capabilities. Threat prevention capabilities such as vulnerability protection with IPS and WildFire provide our customers with comprehensive pr
Unit42
Unit 42 Discovers 10 New Microsoft Vulnerabilities
blogs_unit42·2019-06-20·CVSS 7.5
## Unit 42 Discovers 10 New Microsoft Vulnerabilities
John Harrison
Published: June 20, 2019
Tenable
SandboxEscaper: Local Privilege Escalation Bugs Including Four Zero-Day Vulnerabilities Disclosed
blogs_tenable·2019-05-23
Trendmicro
Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
blogs_trendmicro·2019-05-15·CVSS 9.8
## Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003.
By: Trend Micro Research, May 15, 2019
Update as of 5/17/2019 10:15AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and Tipping Point.
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this releas
Krebs
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
blogs_krebs·2019-05-14·CVSS 9.8
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
The May 2017 global malware epidemic WannaCry affected some 200,000 Windows systems in 150 countries. Source: Wikipedia.
The vulnerability (CVE-2019-0708) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updat
Qualys
May 2019 Patch Tuesday - 79 Vulns, 22 Critical, RDP RCE, MDS Attacks, Adobe Vulns | Qualys
blogs_qualys·2019-05-14·CVSS 9.8
This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidance on the recently disclosed Microarchitectural Data Sampling (MDS) techniques, known as ZombieLoad, Fallout, and RIDL. Adobe’s Patch Tuesday includes patches for vulnerabilities in Flash, Acrobat/Reader (83 vulnerabilities!) and Media Encoder.
UPDATE May 15: Microsoft has also issued Remote Desktop patches for Windows XP and Server 2003.
### Workstation Patches
Scripting Engine, Browser, GDI+, and Word patches should be prioritized for workstation-type devices, meaning any system that is used
Krebs
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
blogs_krebs·2019-05-14·CVSS 9.8
Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is
Zscaler
Zscaler found Multiple Security Vulnerabilities | 06-11-2019
blogs_zscaler·CVSS 7.8
- http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0863
- 2019-05-16: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild