JPCERT-AT-2019-0023
JPCERT/CC
2019-05-15
Details on the vulnerabilities can be found at the following URL:
May 2019 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
ADV190012
May 2019 Adobe Flash Security Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190012
- KB4497932
CVE-2019-0708
Remote Desktop Services Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0708
- KB4499149, KB4499164, KB4499175, KB4499180
CVE-2019-0725
Windows DHCP Server Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0725
- KB4494440, KB4494441, KB4497936, KB4499151, KB4499158, KB4499164
KB4499165, KB4499167, KB4499171, KB4499175
CVE-2019-0884
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0884
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499149, KB4499151
KB4499154, KB4499164, KB4499167, KB4499171, KB4499179, KB4499181
CVE-2019-0903
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0903
- KB4494440, KB4494441, KB4497936, KB4499149, KB4499151, KB4499154
KB4499158, KB4499164, KB4499165, KB4499167, KB4499175, KB4499179
KB4499180, KB4499181
CVE-2019-0911
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0911
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499151, KB4499154
KB4499164, KB4499167, KB4499171, KB4499179, KB4499181
CVE-2019-0912
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0912
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0913
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0913
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0914
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0914
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0915
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0915
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0916
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0916
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0917
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0917
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0918
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0918
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499151, KB4499154
KB4499164, KB4499167, KB4499179, KB4499181
CVE-2019-0922
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0922
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0924
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0924
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0925
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0925
- KB4494440, KB4494441, KB4497936, KB4499167, KB4499179, KB4499181
CVE-2019-0926
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0926
- KB4494441, KB4497936
CVE-2019-0927
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0927
- KB4494440, KB4494441, KB4497936, KB4499167, KB4499179, KB4499181
CVE-2019-0929
Internet Explorer Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0929
- KB4494441, KB4497936, KB4499167
CVE-2019-0933
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0933
- KB4494440, KB4494441, KB4497936, KB4499167, KB4499179, KB4499181
CVE-2019-0937
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0937
- KB4494441, KB4497936, KB4499167, KB4499179
CVE-2019-0940
Microsoft Browser Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0940
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499151, KB44499154
KB4499164, KB4499167, KB4499179, KB4499181
CVE-2019-0953
Microsoft Word Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0953
- KB4462169, KB4464536
According to Microsoft, attacks leveraging the vulnerability CVE-2019-0863 (Important) has been observed in the wild. Please apply the security update programs as soon as possible.
Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Microsoft Corporation
May 2019 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
Microsoft Corporation
Microsoft Security Updates for May 2019 (Monthly) (Japanese)
https://blogs.technet.microsoft.com/jpsecurity/2019/5/15/201905-security-updates/
Microsoft Corporation
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Adobe
Security Bulletin for Adobe Flash Player | APSB19-26
https://helpx.adobe.com/security/products/flash-player/apsb19-26.html
JPCERT/CC
Alert Regarding Vulnerability in Adobe Flash Player (APSB19-26)
https://www.jpcert.or.jp/english/at/2019/at190021.html
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-6271-8901 FAX: +81-3-6271-8908
https://www.jpcert.or.jp/english/
JPCERT/CC
2019-05-15
I. Overview
Microsoft has released May 2019 Security Updates. This contains updates that are rated as "Critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code.Details on the vulnerabilities can be found at the following URL:
May 2019 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
ADV190012
May 2019 Adobe Flash Security Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190012
- KB4497932
CVE-2019-0708
Remote Desktop Services Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0708
- KB4499149, KB4499164, KB4499175, KB4499180
CVE-2019-0725
Windows DHCP Server Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0725
- KB4494440, KB4494441, KB4497936, KB4499151, KB4499158, KB4499164
KB4499165, KB4499167, KB4499171, KB4499175
CVE-2019-0884
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0884
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499149, KB4499151
KB4499154, KB4499164, KB4499167, KB4499171, KB4499179, KB4499181
CVE-2019-0903
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0903
- KB4494440, KB4494441, KB4497936, KB4499149, KB4499151, KB4499154
KB4499158, KB4499164, KB4499165, KB4499167, KB4499175, KB4499179
KB4499180, KB4499181
CVE-2019-0911
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0911
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499151, KB4499154
KB4499164, KB4499167, KB4499171, KB4499179, KB4499181
CVE-2019-0912
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0912
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0913
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0913
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0914
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0914
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0915
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0915
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0916
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0916
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0917
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0917
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0918
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0918
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499151, KB4499154
KB4499164, KB4499167, KB4499179, KB4499181
CVE-2019-0922
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0922
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0924
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0924
- KB4494440, KB4494441, KB4497936, KB4499154, KB4499167, KB4499179
KB4499181
CVE-2019-0925
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0925
- KB4494440, KB4494441, KB4497936, KB4499167, KB4499179, KB4499181
CVE-2019-0926
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0926
- KB4494441, KB4497936
CVE-2019-0927
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0927
- KB4494440, KB4494441, KB4497936, KB4499167, KB4499179, KB4499181
CVE-2019-0929
Internet Explorer Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0929
- KB4494441, KB4497936, KB4499167
CVE-2019-0933
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0933
- KB4494440, KB4494441, KB4497936, KB4499167, KB4499179, KB4499181
CVE-2019-0937
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0937
- KB4494441, KB4497936, KB4499167, KB4499179
CVE-2019-0940
Microsoft Browser Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0940
- KB4494440, KB4494441, KB4497936, KB4498206, KB4499151, KB44499154
KB4499164, KB4499167, KB4499179, KB4499181
CVE-2019-0953
Microsoft Word Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0953
- KB4462169, KB4464536
According to Microsoft, attacks leveraging the vulnerability CVE-2019-0863 (Important) has been observed in the wild. Please apply the security update programs as soon as possible.
II. Solution
Please apply the security update programs through Microsoft Update,Windows Update, etc. as soon as possible.Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
III. References
Microsoft Corporation
May 2019 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
Microsoft Corporation
Microsoft Security Updates for May 2019 (Monthly) (Japanese)
https://blogs.technet.microsoft.com/jpsecurity/2019/5/15/201905-security-updates/
Microsoft Corporation
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Adobe
Security Bulletin for Adobe Flash Player | APSB19-26
https://helpx.adobe.com/security/products/flash-player/apsb19-26.html
JPCERT/CC
Alert Regarding Vulnerability in Adobe Flash Player (APSB19-26)
https://www.jpcert.or.jp/english/at/2019/at190021.html
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-6271-8901 FAX: +81-3-6271-8908
https://www.jpcert.or.jp/english/