Published: Wed, May 15, 2019

Microsoft Releases 16 Updates to Resolve Bugs in Windows, Office

"This vulnerability is pre-authentication and requires no user interaction", Pope said.

"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware", Microsoft said.

For more on this, read our companion article dealing with the potential consequences, affected systems and mitigations for this remote, "wormable" Windows vulnerability.

Download links to the appropriate updates can be found at the foot of this page for those still using any of the following operating systems: Windows 7, Windows 2008 R2, Windows 2008, Windows 2003 or Windows XP. Referred to as the May 14, 2019-KB4500154 Update, this update brings the Windows 10 Mobile operating system to build number 15254.566.

The WannaCry ransomware threat spread quickly across the world in May 2017 using a vulnerability that was particularly prevalent among systems running Windows XP and older versions of Windows. It explains: "Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows". Microsoft says that to get full protection, server admins might have to disable the Hyper-Threading functionality that the attack exploits. This measure would stop worms as long as attackers don't have valid credentials for authentication on vulnerable systems. But this flaw is so serious that Microsoft has also issued a patch for Windows XP and its server brethren, which officially died five years ago.


Of these, 18 patches deal with vulnerabilities in the Windows Scripting Engine and web browsers.

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services - formerly known as Terminal Services - that affects some older versions of Windows.

The flaw, which Microsoft described as "critical", enables an attacker to execute arbitrary code on the target system.

Microsoft also issued mitigation guidance for the latest hardware design flaws affecting Intel processors that allow so-called Microarchitectural Data Sampling (MDS) attacks. "This vulnerability will make that process even easier".

As always, users are recommended to install these security updates as soon as possible, and to prioritize the patches targeting flaws already being exploited out in the wild.
