Hot on the heels of several Apple security advisories on Monday, May's Patch Tuesday sees Microsoft fix nearly 80 vulnerabilities across their product line, some of them very serious indeed, and Adobe address over 80 in Acrobat Reader alone. A fix for a critical remote code execution (RCE) vulnerability in Flash was also released, as well as a security update for Adobe Media Encoder that resolves two CVEs.
The most worrisome vulnerability published today is CVE-2019-0708, which affects Windows 7, Windows Server 2008 R2, and Windows Server 2008 systems running Remote Desktop Services (RDS). Microsoft considers this so critical that they've even issued a patch for versions of Windows outside of mainstream support such as Windows XP and Server 2003. This is reminiscent of the EternalBlue exploit leak two years ago (nearly to the day), when Microsoft patched out-of-support versions of Windows against MS17-010 in response to the WannaCry ransomware outbreak. If for some reason timely patching is not an option, mitigations for this include disabling RDS if it's not necessary for regular operations, or ensuring that port 3389 is blocked at the network perimeter. This bug is exploitable ..