Patch Tuesday Archive
Patch Tuesday May 2019
Total CVEs
81
Critical
23
Important
58
Exploited
1
Publicly Disclosed
2
All CVEs this month 81
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed |
|---|---|---|---|---|---|---|
| ADV190012 | May 2019 Adobe Flash Security Update | Critical | - | Adobe Flash Player | - | - |
| CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability | Critical | 9.8 |
Windows RDP | - | - |
| CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | 8.1 |
Windows DHCP Server | - | - |
| CVE-2019-0884 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - |
| CVE-2019-0911 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0912 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0913 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0914 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0915 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0916 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0917 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0918 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0922 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0924 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0925 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0926 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - |
| CVE-2019-0927 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0929 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 |
Internet Explorer | - | - |
| CVE-2019-0933 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0937 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0940 | Microsoft Browser Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Browsers | - | - |
| CVE-2019-0953 | Microsoft Word Remote Code Execution Vulnerability | Critical | - | Microsoft Office | - | - |
| ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities | Important | - | Microsoft Windows | - | - |
| CVE-2019-0707 | Windows NDIS Elevation of Privilege Vulnerability | Important | 7 |
Windows NDIS | - | - |
| CVE-2019-0727 | Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability | Important | 6.7 |
Windows Diagnostic Hub | - | - |
| CVE-2019-0733 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - |
| CVE-2019-0734 | Windows Elevation of Privilege Vulnerability | Important | 7.8 |
Kerberos | - | - |
| CVE-2019-0758 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0819 | Microsoft SQL Server Analysis Services Information Disclosure Vulnerability | Important | - | SQL Server | - | - |
| CVE-2019-0820 | .NET Framework and .NET Core Denial of Service Vulnerability | Important | - | .NET Framework | - | - |
| CVE-2019-0863 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | Yes | Yes |
| CVE-2019-0864 | .NET Framework Denial of Service Vulnerability | Important | - | .NET Framework | - | - |
| CVE-2019-0872 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important | - | Team Foundation Server | - | - |
| CVE-2019-0881 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 |
Windows Kernel | - | - |
| CVE-2019-0882 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0885 | Windows OLE Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Windows | - | - |
| CVE-2019-0886 | Windows Hyper-V Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Windows | - | - |
| CVE-2019-0889 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0890 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0891 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0892 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Graphics Component | - | - |
| CVE-2019-0893 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0894 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0895 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0896 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0897 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0898 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0899 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0900 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0901 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0902 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0921 | Internet Explorer Spoofing Vulnerability | Important | 4.3 |
Internet Explorer | - | - |
| CVE-2019-0923 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0930 | Internet Explorer Information Disclosure Vulnerability | Important | 4.3 |
Internet Explorer | - | - |
| CVE-2019-0931 | Windows Storage Service Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - |
| CVE-2019-0932 | Skype for Android Information Disclosure Vulnerability | Important | - | Skype for Android | - | Yes |
| CVE-2019-0936 | Windows Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | - | - |
| CVE-2019-0938 | Microsoft Edge Elevation of Privilege Vulnerability | Important | 4.2 |
Microsoft Edge | - | - |
| CVE-2019-0942 | Unified Write Filter Elevation of Privilege Vulnerability | Important | 4.4 |
Microsoft Windows | - | - |
| CVE-2019-0945 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0946 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0947 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0949 | Microsoft SharePoint Spoofing Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0950 | Microsoft SharePoint Spoofing Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0951 | Microsoft SharePoint Spoofing Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0952 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0956 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0957 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0958 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0961 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0963 | Microsoft Office SharePoint XSS Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0971 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important | - | Team Foundation Server | - | - |
| CVE-2019-0976 | NuGet Package Manager Tampering Vulnerability | Important | - | NuGet | - | - |
| CVE-2019-0979 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important | - | Team Foundation Server | - | - |
| CVE-2019-0980 | .Net Framework and .Net Core Denial of Service Vulnerability | Important | - | .NET Core | - | - |
| CVE-2019-0981 | .Net Framework and .Net Core Denial of Service Vulnerability | Important | - | .NET Core | - | - |
| CVE-2019-0982 | ASP.NET Core Denial of Service Vulnerability | Important | - | .NET Core | - | - |
| CVE-2019-0995 | Internet Explorer Security Feature Bypass Vulnerability | Important | 7.3 |
Internet Explorer | - | - |
| CVE-2019-1000 | Microsoft Azure AD Connect Elevation of Privilege Vulnerability | Important | - | Azure | - | - |
| CVE-2019-1008 | Microsoft Dynamics On-Premise Security Feature Bypass | Important | - | Microsoft Dynamics | - | - |
Threat Categories 7
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 42 | 23 |
| Elevation of Privilege | 13 | - |
| Information Disclosure | 10 | - |
| Spoofing | 7 | - |
| Denial of Service | 5 | - |
| Security Feature Bypass | 3 | - |
| Tampering | 1 | - |
Affected Products 24
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 16 | - |
| Microsoft JET Database Engine | 13 | - |
| Microsoft Windows | 8 | 1 |
| Microsoft Office SharePoint | 8 | - |
| Microsoft Graphics Component | 5 | - |
| Internet Explorer | 4 | - |
| Microsoft Office | 4 | - |
| Team Foundation Server | 3 | - |
| .NET Core | 3 | - |
| Microsoft Edge | 2 | - |
| .NET Framework | 2 | - |
| Adobe Flash Player | 1 | - |
| Windows RDP | 1 | - |
| Windows DHCP Server | 1 | - |
| Microsoft Browsers | 1 | - |
| Windows NDIS | 1 | - |
| Windows Diagnostic Hub | 1 | - |
| Kerberos | 1 | - |
| SQL Server | 1 | - |
| Windows Kernel | 1 | - |
| Skype for Android | 1 | - |
| NuGet | 1 | - |
| Azure | 1 | - |
| Microsoft Dynamics | 1 | - |