Patching in Review – Week 19 of 2019

It looks like this week has been a well-deserved break from the reliability issues that plagued April’s Microsoft patches, but next week brings another week of upcoming security patches. Make sure to register for our May Patch Tuesday webinar to get the latest developments on these upcoming updates.

Microsoft Vulnerabilities

While there were no high-profile security fixes released this week, two notable Microsoft vulnerabilities did make the news.

First, a new Exchange backdoor was discovered by ESET this week that’s notable in its complexity. According to ZDNet, ESET discovered the backdoor, named LightNeuron, which was designed specifically for Exchange and works as a message transfer agent. This allows the attacker to have the complete ability to intercept, redirect, or edit incoming or outgoing content. Alarmingly enough, ESET says that the APT group “Turla” has been using this backdoor for almost five years! While there’s no known fix for this malware, ESET did release a whitepaper with further explanations and removal instructions.

A recently remediated SharePoint vulnerability is now under active attack according to AT&T Alien Labs researchers. According to DarkReading, Microsoft SharePoint servers are being exploited via the China Chopper web shell. Once the attacker had compromised the server, attackers then used PowerShell scripts to gain further access to establish internal monitoring of the network. The vulnerability under attack is CVE-2019-0604, which was initially fixed during March Patch Tuesday, but was further remediated during April Patch Tuesday with additional patches.

Third-Party Updates

Here are the third-party updates released by our supported vendors this week. While the week lacked any major CVEs, make sure to review the list so you may include these in your next patching cycle.