Microsoft released its May 2019 software updates to address a total of 79 vulnerabilities in its Windows operating systems and other products. Of these latest updates, 22 are rated critical. This month's Patch Tuesday from Microsoft also addresses two vulnerabilities that are actively being exploited.

TL;DR - Go straight to the Patch Tuesday report

Microsoft Releases Patch For A Critical 'Wormable Flaw'

According to this post from the Microsoft Security Response Center, the wormable vulnerability (CVE-2019-0708) resides in Remote Desktop Services that could be exploited remotely by sending specially crafted requests over RDP protocol to a targeted system.

This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is 'wormable', meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.

The May 2019 release includes updates for a critical vulnerability affecting the Remote Desktop Services service in older operating systems; we recommend customers install as soon as possible. More details here: https://t.co/RfhLk0OSX7 — Security Response (@msftsecresponse) May 14, 2019

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Out-of-support systems include Windows 2003 and Windows XP. Customers running Windows 8 and Windows 10 are not affected by this vulnerability.

Other Critical and Important Vulnerabilities

Microsoft has released a security update titled " Windows Error Reporting Elevation of Privilege Vulnerability " (CVE-2019-0863) that was discovered by Palo Alto Networks. This vulnerability has been discovered being actively exploited in the wild.

Another publicly disclosed vulnerability affects Skype for Android app. The vulnerability (CVE-2019-0932) could allow an attacker to listen to the conversation of Skype users without their knowledge. To successfully exploit this vulnerability, all an attacker needs is to call an Android phone with Skype for Android installed that's also paired with a Bluetooth device.

Run the Patch Tuesday Report

Similar to previous months , we've created a report which checks if the assets in your network are on the latest Microsoft patch update . It's color-coded to give you an easy and quick overview which assets are already on the latest Windows update, and which ones still need to be patched.

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.