It's Patch Tuesday—the day when Microsoft releases monthly security updates for its software.
Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users' interaction.
Out of 79 vulnerabilities, 18 issues have been rated as critical and rest Important in severity. Two of the vulnerabilities addressed this month by the tech giant are listed as publicly known, of which one is listed as under active attack at the time of release.
May 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, Microsoft Office, and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.
Critical Wormable RDP Vulnerability
The wormable vulnerability (CVE-2019-0708) resides in Remote Desktop Services – formerly known as Terminal Services – that could be exploited remotely by sending specially crafted requests over RDP protocol to a targeted system.
The vulnerability could be exploited to spread wormable malware in a similar way as the WannaCry malware spread across the globe in 2017.
"This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system," Microsoft said in an advisory detailing the Wormable vulnerability.
"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this v ..