This post is also available in: 日本語 (Japanese)
Palo Alto Networks Unit 42 threat researchers have discovered one new vulnerability addressed by the Microsoft Security Response Center (MSRC) as part of their June 2019 security update release, as well as nine additional vulnerabilities that were addressed in May 2019. The severity of the vulnerabilities discovered were all rated “Important.”
Palo Alto Networks customers who deploy our Next-Generation Security Platform according to best practices and have a Threat Prevention Subscription are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Traps’ multi-layered exploit prevention capabilities. Threat prevention capabilities such as vulnerability protection with IPS and WildFire provide our customers with comprehensive protection and automatic updates against previously unknown threats.
Palo Alto Networks appreciates the recognition and credit Microsoft has given our Unit 42 threat researchers. Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Android, and other ecosystems with more than 200 critical vulnerabilities discovered. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.
For additional information and prioritization for patching vulnerabilities, Palo Alto Networks recommends reviewing the SANS ISC (Internet Storm Center) Microsoft June Vulnerability summary.
| CVE | Vulnerability Category | Impact | Maximum Severity Rating | Researcher(s) |
| CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Gal De Leon and Bar Lahav |
| CVE-2019-0863 | Windows Error Reporting Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Gal De Leon |
| CVE-2019-0889 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| CVE-2019-0890 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| CVE-2019-0891 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| CVE-2019-0899 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Gal De Leon and Bar Lahav |
| CVE-2019-0900 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| CVE-2019-0901 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| CVE-2019-0902 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| CVE-2019-0947 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
Get updates from
Palo Alto
Networks!
Sign up to receive the latest news, cyber threat intelligence and research from us
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.