Microsoft Security Bulletin Coverage for May 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of May 2019. A list of issues reported, along with SonicWall coverage information are as follows:
CVE-2019-0707 Windows NDIS Elevation of Privilege Vulnerability
ASPY5495:Malformed-File exe.MP.72
CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0725 Windows DHCP Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0727 Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0733 Windows Defender Application Control Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0734 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0758 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0819 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0820 .NET Framework and .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0863 Windows Error Reporting Elevation of Privilege Vulnerability
ASPY5496:Malformed-File exe.MP.73
CVE-2019-0864 .NET Framework Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0872 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0881 Windows Kernel Elevation of Privilege Vulnerability
ASPY5497:Malformed-File exe.MP.74
CVE-2019-0882 Windows GDI Information Disclosure Vulnerability
ASPY1114:Malformed-File emf.TL.10
CVE-2019-0884 Scripting Engine Memory Corruption Vulnerability
IPS14210:Scripting Engine Memory Corruption Vulnerability (MAY 19) 3
CVE-2019-0885 Windows OLE Remote Code Execution Vulnerability
ASPY5493:Malformed-File bmp.MP.3
CVE-2019-0886 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0889 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0890 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0891 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0892 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0893 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0894 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0895 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0896 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0897 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0898 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0899 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0900 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0901 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0902 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0903 GDI+ Remote Code Execution Vulnerability
ASPY5494:Malformed-File ttf.MP.26
CVE-2019-0911 Scripting Engine Memory Corruption Vulnerability
IPS14206:Scripting Engine Memory Corruption Vulnerability (May 19) 1
CVE-2019-0912 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0913 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0914 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0915 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0916 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0917 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0918 Scripting Engine Memory Corruption Vulnerability
IPS14207:Scripting Engine Memory Corruption Vulnerability (May 19) 2
CVE-2019-0921 Internet Explorer Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0922 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0923 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0924 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0925 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0926 Microsoft Edge Memory Corruption Vulnerability
IPS14208:Microsoft Edge Memory Corruption Vulnerability (May 19) 2
CVE-2019-0927 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0929 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0930 Internet Explorer Information Disclosure Vulnerability
IPS14209:Internet Explorer Information Disclosure Vulnerability (May 19) 1
CVE-2019-0931 Windows Storage Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0932 Skype for Android Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0933 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0936 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0937 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0938 Microsoft Edge Elevation of Privilege Vulnerability
IPS14203:Microsoft Edge Elevation of Privilege (May 19) 1
CVE-2019-0940 Microsoft Browser Memory Corruption Vulnerability
IPS14202:Microsoft Edge Memory Corruption Vulnerability (May 19) 1
CVE-2019-0942 Unified Write Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0945 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0946 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0947 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0949 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0950 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0951 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0952 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0953 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0956 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0957 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0958 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0961 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0963 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0971 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0976 NuGet Package Manager Tampering Vulnerability
There are no known exploits in the wild.
CVE-2019-0979 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0980 .NET Framework and .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0981 .Net Framework and .Net Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0982 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0995 Internet Explorer Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1000 Microsoft Azure AD Connect Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1008 Microsoft Dynamics On-Premise Security Feature Bypass
There are no known exploits in the wild.

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.