
Microsoft's April Patch Tuesday comes with fixes for two Windows zero-days


The AchieVer

April 2019 Patch Tuesday comes with 74 security fixes, including patches for two Windows zero-days.

 

 

Today, Microsoft released its monthly batch of security updates known as Patch Tuesday. This month's security release addresses 74 vulnerabilities in a wide range of Microsoft products, including two actively exploited zero-days. 

 

This is the second month in a row that Microsoft has patched two zero-days, after patching two similar issues last month.

THE WINDOWS ZERO-DAYS

The two zero-days patched this month are both the same kind of vulnerability. Both are elevation of privilege vulnerabilities impacting Win32k, a core component of the Windows operating system. 

They are CVE-2019-0803 and CVE-2019-0859. Despite being discovered by two separate security teams (Alibaba Cloud Intelligence Security Team and Kaspersky Lab, respectively), Microsoft describes the two zero-days in the same manner.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. 

The update addresses this vulnerability by correcting how Win32k handles objects in memory. 

At the time of writing, no details are available about the two vulnerabilities, except the fact that they've been under active exploitation. 

However, if we take into account that Kaspersky has reported to Microsoft six Windows Win32k elevation of privilege zero-days in the past six months, we can safely assume that CVE-2019-0859 is another zero-day exploited by a nation-state hacking group, just like all the zero-days Kaspersky has reported in the past. 

OTHER NOTABLE SECURITY FLAWS 

 

But besides the Windows zero-days, there are also other notable security bugs in Microsoft products that users should take note of as they prepare to apply this month's patches.

For example, there are three Microsoft Office Access Connectivity bugs (CVE-2019-0824, CVE-2019-0825, CVE-2019-0827) that can allow attackers to execute code on vulnerable systems. All bugs can be exploited remotely, making all three issues dangerous in the context of an enterprise environment.

A similar remote code execution (CVE-2019-0853) also impacts the Windows GDI+ component when parsing EMF files. Taking into account that exploiting this vulnerability can be done by convincing users to visit a website or by emailing users malicious files, this, too, is a very serious issue that users should consider when deciding to apply or delay this month's patches. 

ADOBE AND SAP ALSO RELEASE UPDATES. 

 

Since Microsoft's Patch Tuesday is also the day when other vendors release security patches, it's worth mentioning that Adobe and SAP also published their respective security updates earlier today.

More in-depth information on today's Patch Tuesday updates is available on Microsoft's official Security Update Guide portal. You can also consult the table embedded below, or this Patch Tuesday report generated by ZDNet.

| Tag | CVE ID | CVE Title |
|---|---|---|
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Adobe Flash Player | ADV190011 | April 2019 Adobe Flash Security Update |
| .NET Core | CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability |
| CSRSS | CVE-2019-0735 | Windows CSRSS Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2019-0764 | Microsoft Browsers Tampering Vulnerability |
| Microsoft Edge | CVE-2019-0833 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Exchange Server | CVE-2019-0817 | Microsoft Exchange Spoofing Vulnerability |
| Microsoft Exchange Server | CVE-2019-0858 | Microsoft Exchange Spoofing Vulnerability |
| Microsoft Graphics Component | CVE-2019-0803 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0802 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0849 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0851 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0879 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0877 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0847 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0846 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0826 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0801 | Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0823 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0828 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0822 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0827 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0824 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0825 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0831 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0830 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0752 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0861 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0862 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0860 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0835 | Microsoft Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0753 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0806 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0739 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0810 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0812 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0829 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2019-0840 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0838 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0796 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0839 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0836 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0837 | DirectX Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0794 | OLE Automation Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0814 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0805 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0848 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0730 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0688 | Windows TCP/IP Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0685 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0842 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0841 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0731 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0732 | Windows Security Feature Bypass Vulnerability |
| Microsoft XML | CVE-2019-0793 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0791 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0790 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0792 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0795 | MS XML Remote Code Execution Vulnerability |
| Open Source Software | CVE-2019-0876 | Open Enclave SDK Information Disclosure Vulnerability |
| Team Foundation Server | CVE-2019-0870 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0869 | Team Foundation Server HTML Injection Vulnerability |
| Team Foundation Server | CVE-2019-0868 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0874 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0871 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0875 | Azure DevOps Server Elevation of Privilege Vulnerability |
| Team Foundation Server | CVE-2019-0867 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0857 | Team Foundation Server Spoofing Vulnerability |
| Team Foundation Server | CVE-2019-0866 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Admin Center | CVE-2019-0813 | Windows Admin Center Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-0856 | Windows Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2019-0859 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-0844 | Windows Kernel Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2019-0786 | SMB Server Elevation of Privilege Vulnerability |
 
 
 

 
