May 22, 2019
May 2019 Threat Intelligence (CRITICAL ALERT)
Microsoft’s May 2019 Patch Tuesday includes updates to fix a massive 79 vulnerabilities, 22 of which are rated “critical”, in addition to 55 “important” updates.
Microsoft’s summary of the May 2019 releases can be found here:
Worm warning: Microsoft urges Windows users to patch now
CVE-2019-0708, which affects Windows 7, Windows Server 2008 R2, and Windows Server 2008 systems running Remote Desktop Services (RDS) is considered so critical that Microsoft even issued a patch for versions of Windows XP and Windows Server 2003.
Microsoft says it hasn’t seen any malicious hackers take advantage of this ‘dangerous worm’ but say it is “highly likely” that it will soon be incorporated into malware.
IMPORTANT: Due to the severity of CVE-2019-0708 and the likelihood of exploitation, we recommend customers apply patches immediately. If immediate patching is not possible, customers should take the following steps:
- Disable Remote Desktop Services (RDS) if not required
- Block TCP port 3389 at the firewall
- Enable Network Level Protection
We all know the expeditious speed that a worm can spread at which makes this a huge problem.
A Microsoft advisory stated:
“This vulnerability is pre-authentication and requires no user interaction.”
In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.
Microsoft believe the wormable vulnerability is quite severe because it has issued fixes for operating systems that the company doesn’t even support anymore such as: Windows XP SP3 x86, Windows XP Professional x64 Edition SP2, Windows XP Embedded SP3 x86, Windows Server 2003 SP2 x86, Windows Server 2003 x64 Edition SP2.
Microsoft also worry that another WannaCry-style worm epidemic may be around the corner fuelled by out-of-date computers that are still dangerously connected to the internet – so although Windows XP was considered dead, they plan on issuing a patch for it.
New Adobe critical vulnerabilities
It is important to identify that Adobe have issued security patches for 84 vulnerabilities in Adobe Reader and one for Adobe Flash Player.
The Microsoft and Adobe vulnerabilities are significant problems that could seamlessly affect a large number of users. Updating your systems at the earliest opportunity is crucial to ensure you don’t fall into the risk of these problems.
- The 8 most common types of cyber attack, explained
- Is ransomware the biggest threat to your IT security?
- A buyers guide to patch management software
- Types of penetration test – what’s the difference?
- Pros and cons of outsourcing your cyber security: In-house or Managed SOC?
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.