From Microsoft this month, we get forty-six updates, addressing seventy-nine distinct vulnerabilities in the usual gang of idiots, namely Windows, Office, Internet Explorer, Edge, .NET, Flash in Internet Explorer, and Visual Studio. Nineteen of the updates have been flagged with Critical severity. Head over to Microsoft’s Security Update Guide for more details.
Those of you running Windows 10 may actually be satisfied with its automatic updates, despite the problems. Either that or you’ve given up fighting Microsoft. And of course there are plenty of folks running Windows 7 and 8 with automatic updates enabled, in response to which I can only tip my hat and tell you that you’re braver than I. The rest of us will (or should) be making the trudge over to Windows Update today.
Microsoft dons a white hat
One of the updates made available by Microsoft today fixes a serious vulnerability (CVE-2019-0708) in older versions of Windows, including Windows 7, XP, and Server 2008. Despite the fact that official support for these versions has ended, Microsoft decided to make the world a slightly better place, taking the time to develop, test, and publish these updates. Which is good, because the hole being fixed is a bad one, in that it could provide a handy new conduit for malicious software worms to propagate… just like WannaCry did in 2017.
So, two things: first of all, thanks Microsoft! Second, if you run Windows 7 or Windows Server 2008 computers, please check Windows Update and install the May 2019 monthly security rollup as described on this Microsoft page. For any computers running Windows XP, you’ll have to download the appropriate update from the Microsoft Update Catalog, as decribed on this Microsoft page.
More about Microsoft’s unusual move
- Microsoft: Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
- Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019
- Brian Krebs: Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
- Ars Technica: Microsoft warns wormable Windows bug could lead to another WannaCry
- SANS: Microsoft May 2019 Patch Tuesday
Adobe’s contribution this month consists of new versions of Flash and Acrobat Reader. Flash 188.8.131.52 addresses a single security vulnerability, while Acrobat Reader DC 2019.012.20034 addresses a whopping eighty-four vulnerabilities in earlier versions.
Reader will generally update itself, but you can make sure by navigating its menu to
Check for Updates.... The easiest way to update Flash is to look for it in the Windows Control Panel. Go to the
Updates tab of the Flash control panel widget and click
Check Now. This will take you indirectly to the download page for Flash. Make sure you opt out of any additional software offered for install on that page.