Patch Tuesday: Microsoft Security Bulletin Summary for April 2019

Microsoft Security Bulletin April 2019 is back with its monthly set of security updates, addressing a total of 75 vulnerabilities with 17 rated critical and 58 rated important. More than 30 vulnerabilities can lead to Remote Code Execution. 2 CVEs are being exploited in the wild and need immediate attention. There are no CVEs which were publicly disclosed.

Zero-Days for the month

Repeating the pattern from March, CVE-2019-0803 and CVE-2019-0859 are two Win32k elevation of privilege vulnerabilities which are being actively exploited in the wild. These two bugs were reported by Alibaba Cloud Intelligence Security Team and Kaspersky Labs respectively. The flaws exist due to improper handling of objects in the memory by the Win32k component in Windows. An attacker who has logged on to the system can run arbitrary code in kernel mode on successful exploitation and eventually install programs, modify data or create new accounts with full user rights. Users running Windows 10, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2012,  Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 are advised to update their machines immediately.

A glimpse of Critical Vulnerabilities

There are 17 critical vulnerabilities reported this month including one Latest Servicing Stack Update. Eight Memory Corruption vulnerabilties are affecting Microsoft Scripting Engine and five Remote Code Excecution vulnerabilities are affecting Microsoft XML. Other applications affected by critical vulnerabilities include Adobe Flash Player, GDI+, Windows IOleCvt Interface and Windows SMB Server.

CVE-2019-0829, CVE-2019-0812, CVE-2019-0806, CVE-2019-0861, CVE-2019-0860 and CVE-2019-0810 are similar vulnerabilities that exist in the way Chakra scripting engine handles the objects in memory in Microsoft Edge. An attacker can execute arbitrary code in the context of the current user and also take control of the affected system on successful exploitation. An attacker can convince a user into visiting malicious websites to exploit the underlying vulnerability. Microsoft predicts that these vulnerabilities are highly exploitable.

CVE-2019-0793 is another vulnerability that is more likely to be exploited. This is a remote code execution vulnerability in Microsoft XML. A user can be convinced into visiting compromised websites by clicking on malicious links sent through emails or instant messaging applications. This gives a remote attacker a way to take full control of the system by running a malicious code.

April 2019 Patch Tuesday release consists of security updates for the following products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Microsoft Exchange Server
  • Team Foundation Server
  • Azure DevOps Server
  • Open Enclave SDK
  • Windows Admin Center

Microsoft security bulletin summary for April 2019:

Product : Adobe Flash Player
CVEs/Advisory : ADV190011
Impact : Remote Code Execution
Severity : Critical
KBs : 4493478

Product : Internet Explorer
CVEs/Advisory : CVE-2019-0752, CVE-2019-0753, CVE-2019-0764, CVE-2019-0835, CVE-2019-0862
Severity : Critical
Impact : Information Disclosure, Remote Code Execution, Tampering
KBs : 4493435, 4493441, 4493446, 4493451, 4493464, 4493470, 4493471, 4493472, 4493474, 4493475, 4493509

Product : Microsoft Edge
CVEs/Advisory : CVE-2019-0739, CVE-2019-0764, CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0833, CVE-2019-0860, CVE-2019-0861
Severity : Critical
Impact : Information Disclosure, Remote Code Execution, Tampering
KBs : 4493441, 4493464, 4493470, 4493474, 4493475, 4493509

Product : Microsoft Windows
CVEs/Advisory : CVE-2019-0685, CVE-2019-0688, CVE-2019-0730, CVE-2019-0731, CVE-2019-0732, CVE-2019-0735, CVE-2019-0786, CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0794, CVE-2019-0795, CVE-2019-0796, CVE-2019-0802, CVE-2019-0803, CVE-2019-0805, CVE-2019-0813, CVE-2019-0814, CVE-2019-0836, CVE-2019-0837, CVE-2019-0838, CVE-2019-0839, CVE-2019-0840, CVE-2019-0841, CVE-2019-0842, CVE-2019-0844, CVE-2019-0845, CVE-2019-0846, CVE-2019-0847, CVE-2019-0848, CVE-2019-0849, CVE-2019-0851, CVE-2019-0853, CVE-2019-0856, CVE-2019-0859, CVE-2019-0877, CVE-2019-0879
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs : 4493441, 4493446, 4493448, 4493450, 4493451, 4493458, 4493464, 4493467, 4493470, 4493471, 4493472, 4493474, 4493475, 4493509, 4493552

Product : ChakraCore
CVEs/Advisory : CVE-2019-0739, CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861
Severity : Critical
Impact : Remote Code Execution

Product : ASP.NET Core
CVEs/Advisory : CVE-2019-0815
Severity : Important
Impact : Denial of Service

Product : Microsoft Exchange Server
CVEs/Advisory : CVE-2019-0817, CVE-2019-0858
Impact : Spoofing
Severity : Important
KBs : 4487563, 4491413

Product : Team Foundation Server
CVEs/Advisory : CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871
Severity : Important
Impact : Spoofing

Product : Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory : CVE-2019-0801, CVE-2019-0822, CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827, CVE-2019-0828, CVE-2019-0830, CVE-2019-0831
Severity : Important
Impact : Elevation of Privilege, Remote Code Execution, Spoofing
KBs : 4462204, 4462209, 4462213, 4462223, 4462230, 4462236, 4462242, 4464504, 4464510, 4464511, 4464515, 4464518, 4464520, 4464525, 4464528

Product : Azure DevOps Server
CVEs/Advisory : CVE-2019-0857, CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0869, CVE-2019-0870, CVE-2019-0871, CVE-2019-0874, CVE-2019-0875
Severity : Important
Impact : Elevation of Privilege, Spoofing

Product : Open Enclave SDK
CVEs/Advisory : CVE-2019-0815
Severity : Important
Impact : Information Disclosure

Product : Windows Admin Center
CVEs/Advisory : CVE-2019-0813
Severity : Important
Impact : Elevation of Privilege
KBs : 4493552

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.