Microsoft security updates for April 2019 released under patch tuesday with the fixes of 74 vulnerabilities including 2 Zero-day vulnerabilities that are actively being exploited in Wide.
Microsoft marked 15 vulnerabilities as “Critical” that affected different Microsoft products and the users are urged to apply the patch immediately to protect your Windows system.
Microsoft April security patch release consists of security updates for the following software:
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- ASP.NET
- Microsoft Exchange Server
- Team Foundation Server
- Azure DevOps Server
- Open Enclave SDK
- Windows Admin Center
Two of the Tuesday zero-day vulnerabilities CVE-2019-0803 and CVE-2019-0859 already being exploited in the wild that causes unauthorized elevation of privilege, and affect all supported versions of Windows.
First one reported by Win32K Elevation of Privilege Vulnerability Alibaba Cloud Intelligence Security Team and the successfully exploited this vulnerability could run arbitrary code in kernel mode.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Second Vulnerability spotted by Kaspersky research team, “An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode .
Microsoft security updates List
Microsoft Windows
| Microsoft Windows | CVE-2019-0840 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0838 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0796 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0839 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0836 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0837 | DirectX Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0794 | OLE Automation Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0814 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0805 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0848 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0730 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0688 | Windows TCP/IP Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0685 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0842 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0841 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0731 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0732 | Windows Security Feature Bypass Vulnerability |
Microsoft Script Engine
| Microsoft Scripting Engine | CVE-2019-0752 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0861 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0862 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0860 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0835 | Microsoft Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0753 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0806 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0739 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0810 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0812 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0829 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Office
| Microsoft Office | CVE-2019-0826 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0801 | Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0823 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0828 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0822 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0827 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0824 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0825 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine
| Microsoft JET Database Engine | CVE-2019-0851 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0879 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0877 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0847 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0846 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Graphics Component
| Microsoft Graphics Component | CVE-2019-0803 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0802 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0849 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability |
Microsoft XML
| Microsoft XML | CVE-2019-0793 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0791 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0790 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0792 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0795 | MS XML Remote Code Execution Vulnerability |
Team Foundation Server
| eam Foundation Server | CVE-2019-0870 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0869 | Team Foundation Server HTML Injection Vulnerability |
| Team Foundation Server | CVE-2019-0868 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0874 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0871 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0875 | Azure DevOps Server Elevation of Privilege Vulnerability |
| Team Foundation Server | CVE-2019-0867 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0857 | Team Foundation Server Spoofing Vulnerability |
| Team Foundation Server | CVE-2019-0866 | Team Foundation Server Cross-site Scripting Vulnerability |
Windows Kernel
| Windows Kernel | CVE-2019-0856 | Windows Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2019-0859 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-0844 | Windows Kernel Information Disclosure Vulnerability |
Other Microsoft Products
| .NET Core | CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability |
| Adobe Flash Player | ADV190011 | April 2019 Adobe Flash Security Update |
| CSRSS | CVE-2019-0735 | Windows CSRSS Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2019-0764 | Microsoft Browsers Tampering Vulnerability |
| Microsoft Edge | CVE-2019-0833 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Exchange Server | CVE-2019-0817 | Microsoft Exchange Spoofing Vulnerability |
| Microsoft Exchange Server | CVE-2019-0858 | Microsoft Exchange Spoofing Vulnerability |
To read the original article:
https://gbhackers.com/microsoft-released-security-updates-3/