14 DAY TRIAL // Microsoft rolled out security updates to resolve a total of 79 vulnerabilities in its software as part of the May 2019 Patch Tuesday cycle.
There are 22 critical flaws this month, out of which no less than 18 affect browsers and scripting engines, with other 4 representing Remote Code Execution (RCE) vulnerabilities in key products like Remote Desktop and Word.
One of the priorities this month is CVE-2019-0863, which is an elevation of privilege vulnerability in Windows that’s already being exploited by attackers.
Microsoft says all supported versions of Windows are affected, including Windows 10, and comes down to the way Windows Error Reporting handles files. The flaw was publicly disclosed and Microsoft says it’s aware of exploits already happening in the wild.
Then, it’s CVE-2019-0708, a security vulnerability in Remote Desktop Services that affects older versions of Windows, including Windows XP. You can read more about this flaw and the emergency update shipped by Microsoft for the impacted Windows releases here.
Skype for Android also getting a patch
Microsoft also resolves a publicly disclosed vulnerability in Skype for Android. Detailed in CVE-2019-0932, the flaw allows an attacker to listen to a conversation on Skype without users even knowing about it.
“To exploit the vulnerability, an attacker would need to call an Android phone with Skype for Android installed that’s also paired with a Bluetooth device. The security update addresses the vulnerability by correcting how Skype for Android answers incoming calls,” Microsoft says, adding that exploitation is less likely. Skype 8.35 is the version affected by the vulnerability.
The list of products being targeted with security updates this month also includes Office and Office 365, SharePoint, SQL Server, and .NET Framework.
As always, users are recommended to install these security updates as soon as possible, and to prioritize the patches targeting flaws already being exploited out in the wild.