
Microsoft April 2019 Patch Tuesday, (Tue, Apr 9th)

This month we got patches for 74 vulnerabilities in total. Of those, 16 are critical and 2 have been exploited in the wild.

Both exploited vulnerabilities (CVE-2019-0859 and CVE-2019-0803) are in the Win32k component, which fails to properly handle objects in memory and may permit a local attacker to elevate privileges and execute arbitrary code in kernel mode.

It is also worth mentioning a remote code execution vulnerability in GDI+ (Windows Graphics Device Interface), which affects the EMF (Enhanced MetaFile) parser. An attacker could exploit this vulnerability by convincing users to open specially crafted EMF files in scenarios such as a file hosted on a web server or an e-mail attachment. Multiple Microsoft programs, especially the Office suite, use the GDI+ component.

We got 5 vulnerabilities in the Jet Database Engine. Jet Database vulnerabilities are often exploitable via Office documents, but none of these vulnerabilities is labeled as critical.

See Renato’s dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

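| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| ASP.NET Core Denial of Service Vulnerability | CVE-2019-0815 | No | No | Less Likely | Less Likely | Important | | |
| April 2019 Adobe Flash Security Update | ADV190011 | No | No | | | Critical | | |
| Azure DevOps Server Elevation of Privilege Vulnerability | CVE-2019-0875 | No | No | Less Likely | Less Likely | Important | | |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-0812 | No | No | | | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-0829 | No | No | | | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-0806 | No | No | | | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-0810 | No | No | | | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-0860 | No | No | | | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-0861 | No | No | | | Critical | 4.2 | 3.8 |
| DirectX Information Disclosure Vulnerability | CVE-2019-0837 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0853 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.8 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0846 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0847 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0851 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0877 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0879 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Latest Servicing Stack Updates | ADV990001 | No | No | | | Critical | | |
| MS XML Remote Code Execution Vulnerability | CVE-2019-0790 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| MS XML Remote Code Execution Vulnerability | CVE-2019-0791 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| MS XML Remote Code Execution Vulnerability | CVE-2019-0792 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| MS XML Remote Code Execution Vulnerability | CVE-2019-0793 | No | No | More Likely | More Likely | Critical | 7.8 | 7.0 |
| MS XML Remote Code Execution Vulnerability | CVE-2019-0795 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| Microsoft Browsers Tampering Vulnerability | CVE-2019-0764 | No | No | Less Likely | Less Likely | Important | 2.4 | 2.2 |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2019-0833 | No | No | | | Important | 4.3 | 3.9 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2019-0828 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Exchange Spoofing Vulnerability | CVE-2019-0858 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Exchange Spoofing Vulnerability | CVE-2019-0817 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2019-0822 | No | No | More Likely | More Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0823 | No | No | | | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0824 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0825 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0826 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0827 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2019-0830 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2019-0831 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Scripting Engine Information Disclosure Vulnerability | CVE-2019-0835 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
| OLE Automation Remote Code Execution Vulnerability | CVE-2019-0794 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Office Remote Code Execution Vulnerability | CVE-2019-0801 | No | No | More Likely | More Likely | Important | | |
| Open Enclave SDK Information Disclosure Vulnerability | CVE-2019-0876 | No | No | | | Important | | |
| SMB Server Elevation of Privilege Vulnerability | CVE-2019-0786 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0739 | No | No | | | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0752 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0753 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0862 | No | No | More Likely | More Likely | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0866 | No | No | Less Likely | Less Likely | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0867 | No | No | Less Likely | Less Likely | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0868 | No | No | Less Likely | Less Likely | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0870 | No | No | Less Likely | Less Likely | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0871 | No | No | Less Likely | Less Likely | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0874 | No | No | | | Important | | |
| Team Foundation Server HTML Injection Vulnerability | CVE-2019-0869 | No | No | Less Likely | Less Likely | Important | | |
| Team Foundation Server Spoofing Vulnerability | CVE-2019-0857 | No | No | | | Important | | |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-0803 | No | Yes | Detected | More Likely | Important | 7.0 | 6.3 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-0685 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-0859 | No | Yes | Detected | More Likely | Important | 7.8 | 7.0 |
| Win32k Information Disclosure Vulnerability | CVE-2019-0848 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Win32k Information Disclosure Vulnerability | CVE-2019-0814 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| Windows Admin Center Elevation of Privilege Vulnerability | CVE-2019-0813 | No | No | | | Important | | |
| Windows CSRSS Elevation of Privilege Vulnerability | CVE-2019-0735 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-0805 | No | No | More Likely | More Likely | Important | 6.7 | 6.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-0841 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-0730 | No | No | More Likely | More Likely | Important | 6.7 | 6.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-0731 | No | No | More Likely | More Likely | Important | 6.8 | 6.1 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-0796 | No | No | More Likely | More Likely | Important | 6.3 | 5.7 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-0836 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0802 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0849 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows IOleCvt Interface Remote Code Execution Vulnerability | CVE-2019-0845 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
| Windows Information Disclosure Vulnerability | CVE-2019-0838 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.9 |
| Windows Information Disclosure Vulnerability | CVE-2019-0839 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0840 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0844 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
| Windows Remote Code Execution Vulnerability | CVE-2019-0856 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.6 |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0732 | No | No | More Likely | More Likely | Important | 5.3 | 4.8 |
| Windows TCP/IP Information Disclosure Vulnerability | CVE-2019-0688 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.9 |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2019-0842 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |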

 


Renato Marinho
Morphus Labs

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
