05.15.19

Vulnerability SPOT Report

SPOT Report - Patch Tuesday Vulnerabilities

By Samuel Harris

Overview

On Tuesday, May 14th, 2019, Microsoft released its monthly patches, which address two very highly rated vulnerabilities that organizations should review during their monthly patch review processes.

Microsoft released a patch to address CVE-2019-0863, which is currently being exploited in the wild. It allows an attacker to elevate their access on a compromised host from a regular account to an admin user, granting them full control over the system. The vulnerability was disclosed to Microsoft through PolarBear and Palo Alto Networks, but it is listed on Microsoft’s website as publicly disclosed and thus should be considered a high risk within an organization.

The second noteworthy vulnerability Microsoft fixed, CVE-2019-0708, should be a focus for organizations that still have older operating systems in their environment. Microsoft took the unusual step of releasing an update for the out-of-support operating systems Windows XP and Windows Server 2003, in addition to Windows 7, 2008, and 2008 R2. If exploited, this vulnerability can be used to spread as a worm throughout an organization, similar to WannaCry. Though Microsoft stated they are not currently aware of any active exploitation of this vulnerability, they are attempting to be proactive with a patch.

Potential Impact

For CVE-2019-0863, an attacker is able to elevate their privileges to admin level by abusing the way the Windows Error Reporting (WER) service interacts with files. Neither Microsoft, PolarBear, nor Palo Alto Networks has released much detail about this vulnerability, in order to give users more time to patch before exploits appear.

CVE-2019-0708, which impacts older operating systems, is a wormable flaw that is exploited by sending a specially crafted request to the Remote Desktop Service of the system the attacker is targeting. The malicious request is processed during a pre-authentication check and therefore does not require any user interaction in order to be exploited. Microsoft has stated that systems above Windows 8.1 or 10 are vulnerable to this type of attack.

Mitigation

The recommended procedure for both vulnerabilities is to review them through your organization’s patch process and decide whether the patches need to be deployed urgently or can go through the standard patch window.

Detection

Qualys QID 91529 and Tenable Plugin ID detect both CVE-2019-0708 and CVE-2019-0863. At present both checks require authentication.

If you are a Vulnerability Management customer with deepwatch, your vulnerability management SME will communicate with you regarding which assets in your environment are considered vulnerable.

Managing Risk

Patching is the only option for CVE-2019-0863, as there are no current workarounds for this particular vulnerability.

Organizations should ensure that they have a full asset inventory, review the list of older operating systems in it, and confirm that those systems are still actively needed within the organization. Doing so further mitigates existing and future unpatched vulnerabilities on these assets.
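The inventory review described above can be sketched as follows. This is an added example, not deepwatch's or Microsoft's code: it flags assets whose OS is one of those the Overview names as receiving the CVE-2019-0708 update. The CSV columns, the hostnames, the rdp_enabled field and the ranking order are assumptions.

```python
import csv
import io
import re

# OS families the article names as receiving the CVE-2019-0708 update:
# (family, pattern, out_of_support per the article). "2008 R2" precedes "2008"
# so the more specific pattern wins.
FAMILIES = [
    ("Windows XP", re.compile(r"windows\s+xp\b", re.I), True),
    ("Windows Server 2003", re.compile(r"server\s+2003\b", re.I), True),
    ("Windows Server 2008 R2", re.compile(r"server\s+2008\s+r2\b", re.I), False),
    ("Windows Server 2008", re.compile(r"server\s+2008\b", re.I), False),
    ("Windows 7", re.compile(r"windows\s+7\b", re.I), False),
]

def classify(os_name):
    """Return (family, out_of_support) for a listed OS, else None."""
    for family, pattern, out_of_support in FAMILIES:
        if pattern.search(os_name):
            return family, out_of_support
    return None

def triage(csv_text):
    """Return (rank, hostname, family, rdp_enabled) tuples, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = classify(row["os"])
        if match is None:
            continue  # OS is not in the article's list
        rdp = row["rdp_enabled"].strip().lower() in ("yes", "true", "1")
        # Assumed ranking: RDP exposure outranks support status; 0 is most urgent.
        rank = (0 if rdp else 2) + (0 if match[1] else 1)
        findings.append((rank, row["hostname"], match[0], rdp))
    return sorted(findings)

# Constructed sample inventory (hostnames and columns are hypothetical).
SAMPLE = """hostname,os,rdp_enabled
hr-kiosk-01,Microsoft Windows XP Professional,yes
fs-legacy-02,Windows Server 2003 R2 Standard,no
app-07,Microsoft Windows Server 2008 R2 Enterprise,yes
app-08,Windows Server 2008 Standard,yes
wk-114,Windows 7 Professional,no
wk-220,Windows 10 Enterprise,yes
db-03,Windows Server 2016 Datacenter,yes
"""

if __name__ == "__main__":
    for rank, host, family, rdp in triage(SAMPLE):
        print(rank, host, family, "RDP on" if rdp else "RDP off")
```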

Contributors

Dave Farquhar, Vulnerability Management Subject Matter Expert

Supporting Information

  • https://www.zdnet.com/article/microsoft-may-2019-patch-tuesday-arrives-with-fix-for-windows-zero-day-mds-attacks/
  • https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/
  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863?ranMID=24542&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-NlKmoECpI0_ZOD2dZ2MT1w&epi=je6NUbpObpQ-NlKmoECpI0_ZOD2dZ2MT1w&irgwc=1&OCID=AID681541_aff_7593_1243925&tduid=(ir__y1b3t6zqxckfr0vokk0sohzg0u2xmcscjlokzuzu00)(7593)(1243925)(je6NUbpObpQ-NlKmoECpI0_ZOD2dZ2MT1w)()&irclickid=_y1b3t6zqxckfr0vokk0sohzg0u2xmcscjlokzuzu00