Microsoft’s April 2019 update fixed 74 security vulnerabilities plus two zero-day exploits

Microsoft released its monthly batch of security updates known as Patch Tuesday. This month’s security release addresses 74 vulnerabilities in a wide range of Microsoft products, including two actively exploited zero-days. 

This is the second month in a row that Microsoft has patched two zero-days, after patching two similar issues last month.

ZERO-DAYS :

The two zero-days patched this month are both the same kind of vulnerability. Both are elevation of privilege vulnerabilities impacting Win32k, a core component of the Windows operating system. 

They are CVE-2019-0803 and CVE-2019-0859. Despite being discovered by two separate security teams -Alibaba Cloud Intelligence Security Team, and Kaspersky Lab, respectively- Microsoft describes the two zero-days in the same manner. 

TagCVE IDCVE Title
Servicing Stack Updates ADV990001Latest Servicing Stack Updates 
Adobe Flash Player ADV190011April 2019 Adobe Flash Security Update 
.NET Core CVE-2019-0815ASP.NET Core Denial of Service Vulnerability 
CSRSS CVE-2019-0735Windows CSRSS Elevation of Privilege Vulnerability 
Microsoft Browsers CVE-2019-0764Microsoft Browsers Tampering Vulnerability 
Microsoft Edge CVE-2019-0833Microsoft Edge Information Disclosure Vulnerability 
Microsoft Exchange Server CVE-2019-0817Microsoft Exchange Spoofing Vulnerability 
Microsoft Exchange Server CVE-2019-0858Microsoft Exchange Spoofing Vulnerability 
Microsoft Graphics Component CVE-2019-0803Win32k Elevation of Privilege Vulnerability 
Microsoft Graphics Component CVE-2019-0802Windows GDI Information Disclosure Vulnerability 
Microsoft Graphics Component CVE-2019-0849Windows GDI Information Disclosure Vulnerability 
Microsoft Graphics Component CVE-2019-0853GDI+ Remote Code Execution Vulnerability 
Microsoft JET Database Engine CVE-2019-0851Jet Database Engine Remote Code Execution Vulnerability 
Microsoft JET Database Engine CVE-2019-0879Jet Database Engine Remote Code Execution Vulnerability 
Microsoft JET Database Engine CVE-2019-0877Jet Database Engine Remote Code Execution Vulnerability 
Microsoft JET Database Engine CVE-2019-0847Jet Database Engine Remote Code Execution Vulnerability 
Microsoft JET Database Engine CVE-2019-0846Jet Database Engine Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0826Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0801Office Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0823Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0828Microsoft Excel Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0822Microsoft Graphics Components Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0827Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0824Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 
Microsoft Office CVE-2019-0825Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 
Microsoft Office SharePoint CVE-2019-0831Microsoft Office SharePoint XSS Vulnerability 
Microsoft Office SharePoint CVE-2019-0830Microsoft Office SharePoint XSS Vulnerability 
Microsoft Scripting Engine CVE-2019-0752Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0861Chakra Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0862Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0860Chakra Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0835Microsoft Scripting Engine Information Disclosure Vulnerability 
Microsoft Scripting Engine CVE-2019-0753Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0806Chakra Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0739Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0810Chakra Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0812Chakra Scripting Engine Memory Corruption Vulnerability 
Microsoft Scripting Engine CVE-2019-0829Chakra Scripting Engine Memory Corruption Vulnerability 
Microsoft Windows CVE-2019-0840Windows Kernel Information Disclosure Vulnerability 
Microsoft Windows CVE-2019-0838Windows Information Disclosure Vulnerability 
Microsoft Windows CVE-2019-0796Windows Elevation of Privilege Vulnerability 
Microsoft Windows CVE-2019-0839Windows Information Disclosure Vulnerability 
Microsoft Windows CVE-2019-0836Windows Elevation of Privilege Vulnerability 
Microsoft Windows CVE-2019-0837DirectX Information Disclosure Vulnerability 
Microsoft Windows CVE-2019-0794OLE Automation Remote Code Execution Vulnerability 
Microsoft Windows CVE-2019-0814Win32k Information Disclosure Vulnerability 
Microsoft Windows CVE-2019-0805Windows Elevation of Privilege Vulnerability 
Microsoft Windows CVE-2019-0848Win32k Information Disclosure Vulnerability 
Microsoft Windows CVE-2019-0730Windows Elevation of Privilege Vulnerability 
Microsoft Windows CVE-2019-0688Windows TCP/IP Information Disclosure Vulnerability 
Microsoft Windows CVE-2019-0845Windows IOleCvt Interface Remote Code Execution Vulnerability 
Microsoft Windows CVE-2019-0685Win32k Elevation of Privilege Vulnerability 
Microsoft Windows CVE-2019-0842Windows VBScript Engine Remote Code Execution Vulnerability 
Microsoft Windows CVE-2019-0841Windows Elevation of Privilege Vulnerability 
Microsoft Windows CVE-2019-0731Windows Elevation of Privilege Vulnerability 
Microsoft Windows CVE-2019-0732Windows Security Feature Bypass Vulnerability 
Microsoft XML CVE-2019-0793MS XML Remote Code Execution Vulnerability 
Microsoft XML CVE-2019-0791MS XML Remote Code Execution Vulnerability 
Microsoft XML CVE-2019-0790MS XML Remote Code Execution Vulnerability 
Microsoft XML CVE-2019-0792MS XML Remote Code Execution Vulnerability 
Microsoft XML CVE-2019-0795MS XML Remote Code Execution Vulnerability 
Open Source Software CVE-2019-0876Open Enclave SDK Information Disclosure Vulnerability 
Team Foundation Server CVE-2019-0870Team Foundation Server Cross-site Scripting Vulnerability 
Team Foundation Server CVE-2019-0869Team Foundation Server HTML Injection Vulnerability 
Team Foundation Server CVE-2019-0868Team Foundation Server Cross-site Scripting Vulnerability 
Team Foundation Server CVE-2019-0874Team Foundation Server Cross-site Scripting Vulnerability 
Team Foundation Server CVE-2019-0871Team Foundation Server Cross-site Scripting Vulnerability 
Team Foundation Server CVE-2019-0875Azure DevOps Server Elevation of Privilege Vulnerability 
Team Foundation Server CVE-2019-0867Team Foundation Server Cross-site Scripting Vulnerability 
Team Foundation Server CVE-2019-0857Team Foundation Server Spoofing Vulnerability 
Team Foundation Server CVE-2019-0866Team Foundation Server Cross-site Scripting Vulnerability 
Windows Admin Center CVE-2019-0813Windows Admin Center Elevation of Privilege Vulnerability 
Windows Kernel CVE-2019-0856Windows Remote Code Execution Vulnerability 
Windows Kernel CVE-2019-0859Win32k Elevation of Privilege Vulnerability 
Windows Kernel CVE-2019-0844Windows Kernel Information Disclosure Vulnerability 
Windows SMB Server CVE-2019-0786SMB Server Elevation of Privilege Vulnerability 

Leave a Reply