Microsoft Security Bulletin Coverage for May 2019

May 14, 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of May 2019. A list of issues reported, along with SonicWall coverage information are as follows:
CVE-2019-0707 Windows NDIS Elevation of Privilege Vulnerability
ASPY5495:Malformed-File exe.MP.72
CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0725 Windows DHCP Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0727 Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0733 Windows Defender Application Control Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0734 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0758 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0819 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0820 .NET Framework and .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0863 Windows Error Reporting Elevation of Privilege Vulnerability
ASPY5496:Malformed-File exe.MP.73
CVE-2019-0864 .NET Framework Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0872 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0881 Windows Kernel Elevation of Privilege Vulnerability
ASPY5497:Malformed-File exe.MP.74
CVE-2019-0882 Windows GDI Information Disclosure Vulnerability
ASPY1114:Malformed-File emf.TL.10
CVE-2019-0884 Scripting Engine Memory Corruption Vulnerability
IPS14210:Scripting Engine Memory Corruption Vulnerability (MAY 19) 3
CVE-2019-0885 Windows OLE Remote Code Execution Vulnerability
ASPY5493:Malformed-File bmp.MP.3
CVE-2019-0886 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0889 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0890 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0891 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0892 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0893 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0894 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0895 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0896 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0897 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0898 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0899 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0900 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0901 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0902 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0903 GDI+ Remote Code Execution Vulnerability
ASPY5494:Malformed-File ttf.MP.26
CVE-2019-0911 Scripting Engine Memory Corruption Vulnerability
IPS14206:Scripting Engine Memory Corruption Vulnerability (May 19) 1
CVE-2019-0912 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0913 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0914 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0915 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0916 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0917 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0918 Scripting Engine Memory Corruption Vulnerability
IPS14207:Scripting Engine Memory Corruption Vulnerability (May 19) 2
CVE-2019-0921 Internet Explorer Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0922 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0923 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0924 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0925 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0926 Microsoft Edge Memory Corruption Vulnerability
IPS14208:Microsoft Edge Memory Corruption Vulnerability (May 19) 2
CVE-2019-0927 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0929 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0930 Internet Explorer Information Disclosure Vulnerability
IPS14209:Internet Explorer Information Disclosure Vulnerability (May 19) 1
CVE-2019-0931 Windows Storage Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0932 Skype for Android Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0933 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0936 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0937 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0938 Microsoft Edge Elevation of Privilege Vulnerability
IPS14203:Microsoft Edge Elevation of Privilege (May 19) 1
CVE-2019-0940 Microsoft Browser Memory Corruption Vulnerability
IPS14202:Microsoft Edge Memory Corruption Vulnerability (May 19) 1
CVE-2019-0942 Unified Write Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0945 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0946 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0947 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0949 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0950 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0951 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0952 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0953 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0956 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0957 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0958 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0961 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0963 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0971 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0976 NuGet Package Manager Tampering Vulnerability
There are no known exploits in the wild.
CVE-2019-0979 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0980 .NET Framework and .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0981 .Net Framework and .Net Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0982 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0995 Internet Explorer Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1000 Microsoft Azure AD Connect Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1008 Microsoft Dynamics On-Premise Security Feature Bypass
There are no known exploits in the wild.