Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Security Advisory MTIS19-018 - Page 1 of 19
NEW THREAT OVERVIEW | PREVIOUS THREATS UPDATES | THREAT DETAILS
EXECUTIVE SUMMARY
May 14, 2019 | MTIS19-018
Since the last McAfee® Labs Security Advisory (April 12), the following noteworthy event has taken place:
Patches are available for multiple Microsoft security vulnerabilities
NEW THREAT OVERVIEW
(MSPT-May2019) Microsoft NDIS ndis.sys Privilege Escalation (CVE-2019-0707) MTIS19-018-A
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows Remote Desktop Services Remote Code Execution (CVE-2019-0708) MTIS19-018-B
IMPORTANCE: High
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows DHCP Remote Code Execution (CVE-2019-0725) MTIS19-018-C
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows Diagnostic Hub Standard Collector Privilege Escalation (CVE-2019-0727) MTIS19-018-D
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft WDAC PowerShell Security Bypass (CVE-2019-0733) MTIS19-018-E
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Security Advisory MTIS19-018 - Page 2 of 19
Back to top
(MSPT-May2019) Microsoft Windows Kerberos Elevation of Privilege Vulnerability (CVE-2019-0734) MTIS19-018-F
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows GDI Information Disclosure (CVE-2019-0758) MTIS19-018-G
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft SQL Server Analysis Services Information Disclosure (CVE-2019-0819) MTIS19-018-H
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft .NET Framework and Core Denial of Service (CVE-2019-0820) MTIS19-018-I
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows Error Reporting Privilege Escalation (CVE-2019-0863) MTIS19-018-J
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft .NET Framework Denial of Service (CVE-2019-0864) MTIS19-018-K
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Azure DevOps Server and Team Foundation Server Cross-site Scripting (CVE-2019- 0872) MTIS19-018-L
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
Security Advisory MTIS19-018 - Page 3 of 19
(MSPT-May2019) Microsoft Windows Kernel Privilege Escalation (CVE-2019-0881) MTIS19-018-M
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows GDI Information Disclosure (CVE-2019-0882) MTIS19-018-N
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Browsers Scripting Engine Remote Code Execution (CVE-2019-0884) MTIS19-018-O
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows OLE Remote Code Execution (CVE-2019-0885) MTIS19-018-P
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows Hyper-V Information Disclosure (CVE-2019-0886) MTIS19-018-Q
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0889) MTIS19-018-R
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0890) MTIS19-018-S
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0891) MTIS19-018-T
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
Security Advisory MTIS19-018 - Page 4 of 19
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Windows Win32k Privilege Escalation (CVE-2019-0892) MTIS19-018-U
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0893) MTIS19-018-V
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0894) MTIS19-018-W
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0895) MTIS19-018-X
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0896) MTIS19-018-Y
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0897) MTIS19-018-Z
IMPORTANCE: Low
COVERED PRODUCTS: Vulnerability Manager
UNDER ANALYSIS: DAT | Web Gateway | Firewall Enterprise
Back to top
THREAT DETAILS
(MSPT-May2019) Microsoft NDIS ndis.sys Privilege Escalation (CVE-2019-0707) MTIS19-018-A
THREAT IDENTIFIER(S) CVE-2019-0707
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
Security Advisory MTIS19-018 - Page 5 of 19
systems are at risk.
systems are at risk.
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft NDIS could lead to privilege escalation.
DESCRIPTION The flaw lies in the NDIS component. Successful exploitation could allow a local user to
gain elevated privileges. The exploit requires the attacker to have valid credentials to
the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows Remote Desktop Services Remote Code Execution (CVE-2019-0708) MTIS19-018-B
THREAT IDENTIFIER(S) CVE-2019-0708
THREAT TYPE Vulnerability
RISK ASSESSMENT High
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to remote code
DESCRIPTION execution. The flaw lies in the Remote Desktop Services component. Successful
exploitation by a remote attacker could result in the execution of arbitrary code.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Security Advisory MTIS19-018 - Page 6 of 19
systems are at risk.
systems are at risk.
Back to top
(MSPT-May2019) Microsoft Windows DHCP Remote Code Execution (CVE-2019-0725) MTIS19-018-C
THREAT IDENTIFIER(S) CVE-2019-0725
THREAT TYPE Vulnerability
RISK ASSESSMENT High
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to remote code
DESCRIPTION execution. The flaw lies in the DHCP component. Successful exploitation by a remote attacker
could result in the execution of arbitrary code.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows Diagnostic Hub Standard Collector Privilege Escalation (CVE-2019-0727) MTIS19-018-D
THREAT IDENTIFIER(S) CVE-2019-0727
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to privilege
DESCRIPTION escalation. The flaw lies in the Diagnostics Hub Standard Collector component.
Successful exploitation could allow a local user to gain elevated privileges. The exploit
requires the attacker to have valid credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
Security Advisory MTIS19-018 - Page 7 of 19
systems are at risk.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft WDAC PowerShell Security Bypass (CVE-2019-0733) MTIS19-018-E
THREAT IDENTIFIER(S) CVE-2019-0733
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft WDAC could lead to security bypass. The
DESCRIPTION flaw lies in the WDAC component. Successful exploitation by a remote attacker could
result in the bypass of intended access restrictions. The exploit requires the attacker
to have valid credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows Kerberos Elevation of Privilege Vulnerability (CVE-2019-0734) MTIS19-018-F
THREAT IDENTIFIER(S) CVE-2019-0734
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to privilege
DESCRIPTION escalation. The flaw lies in the Kerberos component. Successful exploitation could
allow a local user to gain elevated privileges. The exploit requires the attacker to have
valid credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
Security Advisory MTIS19-018 - Page 8 of 19
systems are at risk.
systems are at risk.
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows GDI Information Disclosure (CVE-2019-0758) MTIS19-018-G
THREAT IDENTIFIER(S) CVE-2019-0758
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Windows could lead to information
DESCRIPTION disclosure. The flaw lies in the GDI component. Successful exploitation by a remote
attacker could result in the disclosure of sensitive information. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft SQL Server Analysis Services Information Disclosure (CVE-2019-0819) MTIS19-018-H
THREAT IDENTIFIER(S) CVE-2019-0819
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft SQL Server could lead to information
Security Advisory MTIS19-018 - Page 9 of 19
systems are at risk.
systems are at risk.
disclosure. The flaw lies in the Analysis Services component. Successful exploitation by
a remote attacker could result in the disclosure of sensitive information. The exploit requires
the attacker to have valid credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft .NET Framework and Core Denial of Service (CVE-2019-0820) MTIS19-018-I
THREAT IDENTIFIER(S) CVE-2019-0820
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft .NET could lead to denial of service. The
DESCRIPTION flaw is due to improper handling of RegEx strings. Successful exploitation by a remote
attacker could result in a denial of service condition.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows Error Reporting Privilege Escalation (CVE-2019-0863)
DESCRIPTION
Security Advisory MTIS19-018 - Page 10 of 19
systems are at risk.
systems are at risk.
MTIS19-018-J
THREAT IDENTIFIER(S) CVE-2019-0863
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to privilege
DESCRIPTION escalation. The flaw lies in the Error Reporting component. Successful exploitation
could allow a local user to gain elevated privileges. The exploit requires the attacker
to have valid credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft .NET Framework Denial of Service (CVE-2019-0864) MTIS19-018-K
THREAT IDENTIFIER(S) CVE-2019-0864
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft .NET could lead to denial of service. The
DESCRIPTION flaw lies in the Framework component. Successful exploitation by a remote attacker
could result in a denial of service condition. The exploit requires the attacker to have
valid credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
Security Advisory MTIS19-018 - Page 11 of 19
systems are at risk.
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Azure DevOps Server and Team Foundation Server Cross-site Scripting (CVE-2019- 0872) MTIS19-018-L
THREAT IDENTIFIER(S) CVE-2019-0872
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Azure DevOps Server and Team
DESCRIPTION Foundation Server could lead to remote code execution. The flaw is due to improper handling
of user provided input. Successful exploitation by an authenticated attacker could result in the
execution of arbitrary code.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows Kernel Privilege Escalation (CVE-2019-0881) MTIS19-018-M
THREAT IDENTIFIER(S) CVE-2019-0881
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to privilege
DESCRIPTION escalation. The flaw lies in the Kernel component. Successful exploitation could allow a local user
to gain elevated privileges. The exploit requires the attacker to have valid credentials to the
vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
Security Advisory MTIS19-018 - Page 12 of 19
systems are at risk.
systems are at risk.
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows GDI Information Disclosure (CVE-2019-0882) MTIS19-018-N
THREAT IDENTIFIER(S) CVE-2019-0882
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Windows could lead to information
DESCRIPTION disclosure. The flaw lies in the GDI component. Successful exploitation by a remote
attacker could result in the disclosure of sensitive information. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Browsers Scripting Engine Remote Code Execution (CVE-2019-0884) MTIS19-018-O
THREAT IDENTIFIER(S) CVE-2019-0884
THREAT TYPE Vulnerability
RISK ASSESSMENT High
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Browsers could lead to remote code
DESCRIPTION execution. The flaw lies in the Scripting Engine component. Successful exploitation by
a remote attacker could result in the execution of arbitrary code. The exploit requires
Security Advisory MTIS19-018 - Page 13 of 19
systems are at risk.
systems are at risk.
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR DATABASES
Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows OLE Remote Code Execution (CVE-2019-0885) MTIS19-018-P
THREAT IDENTIFIER(S) CVE-2019-0885
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Windows could lead to remote code
DESCRIPTION execution. The flaw lies in the OLE component. Successful exploitation by a remote
attacker could result in the execution of arbitrary code. The exploit requires the user
to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows Hyper-V Information Disclosure (CVE-2019-0886) MTIS19-018-Q
Security Advisory MTIS19-018 - Page 14 of 19
systems are at risk.
systems are at risk.
THREAT IDENTIFIER(S) CVE-2019-0886
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to information
DESCRIPTION disclosure. The flaw lies in the Hyper-V component.Successful exploitation by a remote
attacker could result in the disclosure of sensitive information. The exploit requires
the attacker to have valid credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0889) MTIS19-018-R
THREAT IDENTIFIER(S) CVE-2019-0889
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
Security Advisory MTIS19-018 - Page 15 of 19
systems are at risk.
systems are at risk.
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0890) MTIS19-018-S
THREAT IDENTIFIER(S) CVE-2019-0890
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0891) MTIS19-018-T
THREAT IDENTIFIER(S) CVE-2019-0891
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
Security Advisory MTIS19-018 - Page 16 of 19
systems are at risk.
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Windows Win32k Privilege Escalation (CVE-2019-0892) MTIS19-018-U
THREAT IDENTIFIER(S) CVE-2019-0892
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED No
A vulnerability in some versions of Microsoft Windows could lead to privilege
DESCRIPTION escalation. The flaw lies in the Win32k component. Successful exploitation could allow
a local user to gain elevated privileges. The exploit requires the attacker to have valid
credentials to the vulnerable system.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0893) MTIS19-018-V
THREAT IDENTIFIER(S) CVE-2019-0893
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Locally logged-on user
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
Security Advisory MTIS19-018 - Page 17 of 19
systems are at risk.
systems are at risk.
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0894) MTIS19-018-W
THREAT IDENTIFIER(S) CVE-2019-0894
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0895) MTIS19-018-X
THREAT IDENTIFIER(S) CVE-2019-0895
THREAT TYPE Vulnerability
Security Advisory MTIS19-018 - Page 18 of 19
systems are at risk.
systems are at risk.
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0896) MTIS19-018-Y
THREAT IDENTIFIER(S) CVE-2019-0896
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Security Advisory MTIS19-018 - Page 19 of 19
systems are at risk.
Back to top
(MSPT-May2019) Microsoft Jet Database Engine Remote Code Execution (CVE-2019-0897) MTIS19-018-Z
THREAT IDENTIFIER(S) CVE-2019-0897
THREAT TYPE Vulnerability
RISK ASSESSMENT Medium
MAIN THREAT VECTORS Web
USER INTERACTION REQUIRED Yes
A vulnerability in some versions of Microsoft Jet could lead to remote code execution.
DESCRIPTION The flaw lies in the Jet Database Engine component. Successful exploitation by a
remote attacker could result in the execution of arbitrary code. The exploit requires
the user to open a vulnerable website, email or document.
IMPORTANCE Low. On May 14, Microsoft released an update to address this vulnerability
MCAFEE PRODUCT COVERAGE
DAT FILES Under analysis
VIRUS SCAN ENTERPRISE SCAN BOP Out of scope
HOST IPS Out of scope
NETWORK SECURITY PLATFORM Coverage not warranted
VULNERABILITY MANAGER The FSL/MVM package of May 14 includes a vulnerability check to assess if your
WEB GATEWAY Under analysis
REMEDIATION MANAGER Not applicable
POLICY AUDITOR An upcoming SCAP content release will contain coverage for this issue.
NETWORK ACCESS CONTROL An upcoming SCAP content release will contain coverage for this issue.
FIREWALL ENTERPRISE Under analysis
APPLICATION CONTROL Out of scope
DATABASE ACTIVITY MONITORING Out of scope
VULNERABILITY MANAGER FOR
DATABASES Out of scope
ADDITIONAL INFORMATION Microsoft: Security Update Summary
Back to top
For McAfee Technical Support, click here.
For Multi- National Phone Support, click here.
McAfee values your feedback on this Security Advisory. Please reply to this mail with your comments.
*The information provided is only for the use and convenience of McAfee's customers in connection with their McAfee products, and applies only to the
threats described herein. McAfee product coverage statements are limited to known attack vectors and should not be considered comprehensive. THE
INFORMATION PROVIDED HEREIN IS PROVIDED "AS IS" AND IS SUBJECT TO CHANGE WITHOUT NOTICE.
The information contained herein is the property of McAfee, LLC and may not be reproduced or disseminated without the expressed written consent of
McAfee, LLC.
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and
brands may be claimed as the property of others.
McAfee, Inc. 2821 Mission College Blvd, Santa Clara, CA 95054 888.847.8766 www.mcafee.com
® 2018 McAfee, LLC. All rights reserved.