Microsoft released the monthly security updates on the established Patch Tuesday. The April security updates fix 74 vulnerabilities in a wide range of Microsoft products, along with two zero-days.
Patch Tuesday: The zero-day Windows
The two zero-days that were fixed this month are the same kind of vulnerability. Both involve raising permissions that affect Win32k, a key component of the Windows operating system.
These are the ones CVE-2019-0803 and CVE-2019-0859. which were discovered by two separate security teams. Zero-days were discovered by Cloud Intelligence security Alibaba Team and Kaspersky Lab, respectively, and Microsoft describe the two vulnerabilities in the same way.
There is a vulnerability in Windows permissions when Win32k fails to properly manage data in memory. An attacker who successfully exploits this vulnerability could execute arbitrary code in kernel mode. An attacker could then install programs. view, change, delete data, or even create new accounts with administrator privileges.
To exploit this vulnerability, the attacker must first log in to the system. Then a specially designed application could run to take advantage of the vulnerability and take full control of an affected system.
The update addresses the two vulnerabilities by fixing how Win32k manages data in memory.
So far it is not known if the two zero-days have been exploited by hackers.
However, given that Kaspersky has reported six zero-day Windows to Microsoft over the past six months, we can assume that CVE-2019-0859 is another vulnerability exploited by some state secret service.
Patch Tuesday: All vulnerabilities
Tags | CVE ID | CVE Title |
---|---|---|
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
Adobe Flash Player | ADV190011 | April 2019 Adobe Flash Security Update |
.NET Core | CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability |
CSRSS | CVE-2019-0735 | Windows CSRSS Elevation of Privilege Vulnerability |
Microsoft Browsers | CVE-2019-0764 | Microsoft Browsers Tampering Vulnerability |
Microsoft Edge | CVE-2019-0833 | Microsoft Edge Information Disclosure Vulnerability |
Microsoft Exchange Server | CVE-2019-0817 | Microsoft Exchange Spoofing Vulnerability |
Microsoft Exchange Server | CVE-2019-0858 | Microsoft Exchange Spoofing Vulnerability |
Microsoft Graphics Component | CVE-2019-0803 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2019-0802 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-0849 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2019-0853 | GDI+ Remote queues Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0851 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0879 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0877 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0847 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2019-0846 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0826 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0801 | Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0823 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0828 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0822 | Microsoft Graphics Components Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0827 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0824 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2019-0825 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2019-0831 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2019-0830 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Scripting Engine | CVE-2019-0752 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0861 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0862 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0860 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0835 | Microsoft Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2019-0753 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0806 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0739 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0810 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0812 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2019-0829 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows | CVE-2019-0840 | Windows Kernel Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0838 | Windows Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0796 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0839 | Windows Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0836 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0837 | DirectX Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0794 | OLE Automation Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-0814 | Win32k Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0805 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0848 | Win32k Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0730 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0688 | Windows TCP / IP Information Disclosure Vulnerability |
Microsoft Windows | CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-0685 | Win32k Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0842 | Windows VBScript Engine Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2019-0841 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0731 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2019-0732 | Windows Security Feature Bypass Vulnerability |
Microsoft XML | CVE-2019-0793 | MS XML Remote Code Execution Vulnerability |
Microsoft XML | CVE-2019-0791 | MS XML Remote Code Execution Vulnerability |
Microsoft XML | CVE-2019-0790 | MS XML Remote Code Execution Vulnerability |
Microsoft XML | CVE-2019-0792 | MS XML Remote Code Execution Vulnerability |
Microsoft XML | CVE-2019-0795 | MS XML Remote Code Execution Vulnerability |
Open Source Software | CVE-2019-0876 | Open Enclave SDK Information Disclosure Vulnerability |
Team Foundation Server | CVE-2019-0870 | Team Foundation Server Cross-site Scripting Vulnerability |
Team Foundation Server | CVE-2019-0869 | Team Foundation Server HTML Injection Vulnerability |
Team Foundation Server | CVE-2019-0868 | Team Foundation Server Cross-site Scripting Vulnerability |
Team Foundation Server | CVE-2019-0874 | Team Foundation Server Cross-site Scripting Vulnerability |
Team Foundation Server | CVE-2019-0871 | Team Foundation Server Cross-site Scripting Vulnerability |
Team Foundation Server | CVE-2019-0875 | Azure DevOps Server Elevation of Privilege Vulnerability |
Team Foundation Server | CVE-2019-0867 | Team Foundation Server Cross-site Scripting Vulnerability |
Team Foundation Server | CVE-2019-0857 | Team Foundation Server Spoofing Vulnerability |
Team Foundation Server | CVE-2019-0866 | Team Foundation Server Cross-site Scripting Vulnerability |
Windows Admin Center | CVE-2019-0813 | Windows Admin Center Elevation of Privilege Vulnerability |
Windows kernel | CVE-2019-0856 | Windows Remote Code Execution Vulnerability |
Windows kernel | CVE-2019-0859 | Win32k Elevation of Privilege Vulnerability |
Windows kernel | CVE-2019-0844 | Windows Kernel Information Disclosure Vulnerability |
Windows SMB Server | CVE-2019-0786 | SMB Server Elevation of Privilege Vulnerability |
___________
- Windows 10 May 2019 Update from today in Release Preview ring
- The difference between "feature updates" and "quality updates" in Windows 10
- Mozilla: Prepares Firefox to block push notifications