In addition to its dramatic disclosure of a “wormable” Remote Code Execution (RCE) vulnerability in Remote Desktop Services, Microsoft released its Patch Tuesday offerings, which included fixes for 79 vulnerabilities across its product line, including a Zero Day.
The Zero Day vulnerability (CVE-2019-0863) undergoing exploitation is an elevation of privilege issue that exists in the way the Windows Error Reporting (WER) service interacts with files.
Details about these attacks are still being kept close to the vest by officials. Microsoft did say, however, that it changed how WER handles files.
In addition to all the fixes this month, Microsoft also issued an advisory (ADV190013) for the Intel CPU issues that just came to light.
The CPU issues are known as Microarchitectural Data Sampling (MDS) attacks, which target a CPU’s microarchitectural data structures. These are smaller-sized caches used alongside the main CPU cache.
“An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust boundaries,” Microsoft said in its advisory. “In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.”
The advisory reveals the software giant’s mitigation plan for the design flaws.
Microsoft said that customers would need two types of updates. The first is firmware microcode updates that they must get from either Intel or their OEM.
Second, there are also OS updates, which Microsoft released for Windows and Windows Server.
Microsoft said Intel CPU microcode updates are not yet available for the following systems: Windows 10 Version 1803 for x64-based Systems; Windows Server, version 1803 (Server Core Installation); Windows 10 Version 1809 for x64-based Systems; Windows Server 2019; and Windows Server 2019 (Server Core installation).
Microsoft said its cloud-based services have already been patched and are safe against any MDS attacks.