VERT Threat Alert: April 2019 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s April 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-825 on Wednesday, April 10th.
In-The-Wild & Disclosed CVEs
CVE-2019-0803
This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.
Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.
CVE-2019-0859
This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.
Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag | CVE Count | CVEs |
Team Foundation Server | 9 | CVE-2019-0857, CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0869, CVE-2019-0870, CVE-2019-0871, CVE-2019-0874, CVE-2019-0875 |
CSRSS | 1 | CVE-2019-0735 |
Open Source Software | 1 | CVE-2019-0876 |
Microsoft JET Database Engine | 5 | CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879 |
Windows SMB Server | 1 | CVE-2019-0786 |
Microsoft Windows | 18 | CVE-2019-0794, CVE-2019-0805, CVE-2019-0838, CVE-2019-0839, CVE-2019-0840, CVE-2019-0841, CVE-2019-0842, CVE-2019-0845, CVE-2019-0848, CVE-2019-0685, CVE-2019-0688, CVE-2019-0730, CVE-2019-0731, CVE-2019-0732, CVE-2019-0796, CVE-2019-0814, CVE-2019-0836, CVE-2019-0837 |
Microsoft Edge | 1 | CVE-2019-0833 |
Microsoft Graphics Component | 4 | CVE-2019-0802, CVE-2019-0803, CVE-2019-0849, CVE-2019-0853 |
Microsoft Scripting Engine | 11 | CVE-2019-0739, CVE-2019-0812, CVE-2019-0829, CVE-2019-0752, CVE-2019-0753, CVE-2019-0806, CVE-2019-0810, CVE-2019-0835, CVE-2019-0860, CVE-2019-0861, CVE-2019-0862 |
Microsoft Browsers | 1 | CVE-2019-0764 |
Windows Kernel | 3 | CVE-2019-0844, CVE-2019-0856, CVE-2019-0859 |
Windows Admin Center | 1 | CVE-2019-0813 |
Microsoft Exchange Server | 2 | CVE-2019-0858, CVE-2019-0817 |
Microsoft XML | 5 | CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795 |
Microsoft Office | 8 | CVE-2019-0822, CVE-2019-0823, CVE-2019-0824, (Read more...) |
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/vert-april-2019-patch-tuesday/
