Sunday, September 25, 2022
  • Unclaimed U.S. Lynching Monuments Display Lack of Redress
  • Embedded Secrets in Webpage DOMs
  • BSidesLV 2022 Lucky13 CommonGround – Chris Kubecka’s ‘Russian Malware In The Ukraine War’
  • StackHawk Expands API Security Testing Suite
  • This Week in Malware – Over Five Dozen More Packages Discovered

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » VERT Threat Alert: April 2019 Patch Tuesday Analysis

SBN

VERT Threat Alert: April 2019 Patch Tuesday Analysis

by Tyler Reguly on April 9, 2019

Today’s VERT Alert addresses Microsoft’s April 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-825 on Wednesday, April 10th.

DevOps Experience 2022Sponsorships Available

In-The-Wild & Disclosed CVEs 

CVE-2019-0803

This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.

CVE-2019-0859

This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Team Foundation Server
9
CVE-2019-0857, CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0869, CVE-2019-0870, CVE-2019-0871, CVE-2019-0874, CVE-2019-0875
CSRSS
1
CVE-2019-0735
Open Source Software
1
CVE-2019-0876
Microsoft JET Database Engine
5
CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879
Windows SMB Server
1
CVE-2019-0786
Microsoft Windows
18
CVE-2019-0794, CVE-2019-0805, CVE-2019-0838, CVE-2019-0839, CVE-2019-0840, CVE-2019-0841, CVE-2019-0842, CVE-2019-0845, CVE-2019-0848, CVE-2019-0685, CVE-2019-0688, CVE-2019-0730, CVE-2019-0731, CVE-2019-0732, CVE-2019-0796, CVE-2019-0814, CVE-2019-0836, CVE-2019-0837
Microsoft Edge
1
CVE-2019-0833
Microsoft Graphics Component
4
CVE-2019-0802, CVE-2019-0803, CVE-2019-0849, CVE-2019-0853
Microsoft Scripting Engine
11
CVE-2019-0739, CVE-2019-0812, CVE-2019-0829, CVE-2019-0752, CVE-2019-0753, CVE-2019-0806, CVE-2019-0810, CVE-2019-0835, CVE-2019-0860, CVE-2019-0861, CVE-2019-0862
Microsoft Browsers
1
CVE-2019-0764
Windows Kernel
3
CVE-2019-0844, CVE-2019-0856, CVE-2019-0859
Windows Admin Center
1
CVE-2019-0813
Microsoft Exchange Server
2
CVE-2019-0858, CVE-2019-0817
Microsoft XML
5
CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795
Microsoft Office
8
CVE-2019-0822, CVE-2019-0823, CVE-2019-0824, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/vert-april-2019-patch-tuesday/

April 9, 2019April 9, 2019 Tyler Reguly Vulnerability Management
  • ← The Joy of Tech®, ‘Everyone Hates Social Media’
  • Patch Tuesday Lowdown, April 2019 Edition →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Most Read on the Boulevard

Hate Site Hacked — Kiwi Farms is ‘Very, Very Owned’
Why Manufacturing Struggles With Cloud Security
Organizations Lack Visibility Into Cloud Access
Survey Reveals the Severity of Cloud Security Challenge
Palo Alto Networks Updates CNAPP to Improve Cloud Security
How Uber was hacked — again
The State of Cybersecurity in Education
Kubernetes Policy Engine, Polaris: A General Preview of New Checks
Tripwire Patch Priority Index for August 2022
Blowing the Whistle For Cybersecurity Compliance

Upcoming Webinars

Mon 26

Cloud Security

September 26 @ 1:00 pm - 2:00 pm
Oct 12

Next-Gen SCA: Securing Modern SDLCs With Pipeline Composition Analysis

October 12 @ 1:00 pm - 2:00 pm
Oct 19

Secrets Management and DevSecOps: An Enterprise Maturity Model

October 19 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

Victims of Gym Phone Theft Lose $10,000 Each (Because SMS 2FA)
Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Identity & Access Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Victims of Gym Phone Theft Lose $10,000 Each (Because SMS 2FA)

September 19, 2022 Richi Jennings | Sep 19 0
Uber Hacked: Its Security is ‘Awful’ and ‘Weak’
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Endpoint Featured Governance, Risk & Compliance Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Uber Hacked: Its Security is ‘Awful’ and ‘Weak’

September 16, 2022 Richi Jennings | Sep 16 0
Patreon Fires its Security Team — and the Internet Freaks Out
Analytics & Intelligence Application Security CISO Suite Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Patreon Fires its Security Team — and the Internet Freaks Out

September 9, 2022 Richi Jennings | Sep 09 0

Top Stories

StackHawk Expands API Security Testing Suite
Application Security Cybersecurity Endpoint Featured Malware Mobile Security News Security Boulevard (Original) Spotlight Vulnerabilities 

StackHawk Expands API Security Testing Suite

September 23, 2022 Michael Vizard | 1 day ago 0
Three Iranian Nationals Charged in Critical Services Scheme
Cybersecurity Featured Incident Response Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

Three Iranian Nationals Charged in Critical Services Scheme

September 22, 2022 Teri Robinson | 2 days ago 0
Survey Reveals the Severity of Cloud Security Challenge
Application Security Cloud Security Cloud Security Cybersecurity Editorial Calendar Featured Incident Response News Security Boulevard (Original) Spotlight 

Survey Reveals the Severity of Cloud Security Challenge

September 21, 2022 Michael Vizard | 3 days ago 0

Security Humor

Daniel Stori's 'The Ketchup Gun'

Daniel Stori’s ‘The Ketchup Gun’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.