Tuesday, July 23, 2019
  • The Truth About Serverless Security
  • Reputational Risk and Crisis Panel: Shared Assessments Summit
  • The Problem With Bots and What To Do About Them
  • The 4 Questions Industrial CISOs Need to Ask When Evaluating a Cybersecurity Tool
  • Using AWS Session Manager with Enhanced SSH and SCP Capability

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » VERT Threat Alert: April 2019 Patch Tuesday Analysis

VERT Threat Alert: April 2019 Patch Tuesday Analysis

by Tyler Reguly on April 9, 2019

Today’s VERT Alert addresses Microsoft’s April 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-825 on Wednesday, April 10th.

In-The-Wild & Disclosed CVEs 

CVE-2019-0803

This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.

CVE-2019-0859

This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Team Foundation Server
9
CVE-2019-0857, CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0869, CVE-2019-0870, CVE-2019-0871, CVE-2019-0874, CVE-2019-0875
CSRSS
1
CVE-2019-0735
Open Source Software
1
CVE-2019-0876
Microsoft JET Database Engine
5
CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879
Windows SMB Server
1
CVE-2019-0786
Microsoft Windows
18
CVE-2019-0794, CVE-2019-0805, CVE-2019-0838, CVE-2019-0839, CVE-2019-0840, CVE-2019-0841, CVE-2019-0842, CVE-2019-0845, CVE-2019-0848, CVE-2019-0685, CVE-2019-0688, CVE-2019-0730, CVE-2019-0731, CVE-2019-0732, CVE-2019-0796, CVE-2019-0814, CVE-2019-0836, CVE-2019-0837
Microsoft Edge
1
CVE-2019-0833
Microsoft Graphics Component
4
CVE-2019-0802, CVE-2019-0803, CVE-2019-0849, CVE-2019-0853
Microsoft Scripting Engine
11
CVE-2019-0739, CVE-2019-0812, CVE-2019-0829, CVE-2019-0752, CVE-2019-0753, CVE-2019-0806, CVE-2019-0810, CVE-2019-0835, CVE-2019-0860, CVE-2019-0861, CVE-2019-0862
Microsoft Browsers
1
CVE-2019-0764
Windows Kernel
3
CVE-2019-0844, CVE-2019-0856, CVE-2019-0859
Windows Admin Center
1
CVE-2019-0813
Microsoft Exchange Server
2
CVE-2019-0858, CVE-2019-0817
Microsoft XML
5
CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795
Microsoft Office
8
CVE-2019-0822, CVE-2019-0823, CVE-2019-0824, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/vert-april-2019-patch-tuesday/

April 9, 2019April 9, 2019 Tyler Reguly Vulnerability Management
  • ← Free 2FA
  • Patch Tuesday Lowdown, April 2019 Edition →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

DataSpii: ‘Catastrophic’ Browser Data Leak ‘Train Wreck’
How Will the EU’s Article 13 Directive Affect Streaming Platforms?
Cannabis Retailers: Don’t Get Caught in the Cyber Weeds
Face Off: Privacy Issues Not Confined to FaceApp
Defense in Depth: Securing the New Network Edge
The Strange Case of the Malicious Favicon
Cybersecurity a High Priority for 2019, UK Organizations Say
With Proposed British Airways, Marriott Fines, That GDPR Iceberg Is Getting a Lot Bigger
Emsisoft releases a free decryptor for the ZeroFucks ransomware
An Analysis of L0rdix RAT, Panel and Builder

Upcoming Webinars

Tue 23

You’re Bleeding. Exposing the Attack Surface in your Supply Chain

July 23 @ 1:00 pm - 2:00 pm
Tue 30

A Practical Approach to Security Automation

July 30 @ 1:00 pm - 2:00 pm
Wed 31

Get Your Secure Development Initiatives in Shape: a 30, 60, 90-day Approach

July 31 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

SAP Customer Stories

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

The Truth About Serverless Security
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

The Truth About Serverless Security

July 23, 2019 Roman Sachenko | 1 hour ago 0
Reputational Risk and Crisis Panel: Shared Assessments Summit
Cybersecurity Incident Response Industry Spotlight Security Boulevard (Original) 

Reputational Risk and Crisis Panel: Shared Assessments Summit

July 23, 2019 Dan Blum | 2 hours ago 0
Defense in Depth: Securing the New Network Edge
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Defense in Depth: Securing the New Network Edge

July 22, 2019 Scott Schweitzer | Yesterday 0

Top Stories

DataSpii: ‘Catastrophic’ Browser Data Leak ‘Train Wreck’
Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Malware Network Security News Security Boulevard (Original) Spotlight 

DataSpii: ‘Catastrophic’ Browser Data Leak ‘Train Wreck’

July 19, 2019 Richi Jennings | 3 days ago 0
Zoom Spying Vulnerability: The Plot Thickens
Application Security Cloud Security Cybersecurity Endpoint Featured News Security Boulevard (Original) Spotlight 

Zoom Spying Vulnerability: The Plot Thickens

July 16, 2019 Richi Jennings | Jul 16 0
Symantec Expands Capabilities of Cloud Gateways
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Symantec Expands Capabilities of Cloud Gateways

July 16, 2019 Michael Vizard | Jul 16 0

Security Humor

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®

The Joy of Tech®, ‘They Came In Peace’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.