Microsoft's April 2019 Patches Fix 76 Vulnerabilities Threat Alert - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Microsoft’s April 2019 Patches Fix 76 Vulnerabilities Threat Alert

April 18, 2019 | Adeline Zhang

Overview

Microsoft released April 2019 security patches on Tuesday that fix 76 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, Adobe Flash Player, CSRSS, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Open Source Software, Servicing Stack Updates, Team Foundation Server, Windows Admin Center, Windows Kernel, and Windows SMB Server.

Details can be found in the following table.

Product	CVE ID	CVE Title	Severity Level
.NET Core	CVE-2019-0815	ASP.NET Core Denial-of-Service Vulnerability	Important
Adobe Flash Player	ADV190011	April 2019 Adobe Flash Security Update	Critical
CSRSS	CVE-2019-0735	Windows CSRSS Privilege Escalation Vulnerability	Important
Microsoft Browsers	CVE-2019-0764	Microsoft Browsers Tampering Vulnerability	Low
Microsoft Edge	CVE-2019-0833	Microsoft Edge Information Disclosure Vulnerability	Important
Microsoft Exchange Server	CVE-2019-0858	Microsoft Exchange Spoofing Vulnerability	Important
Microsoft Exchange Server	CVE-2019-0817	Microsoft Exchange Spoofing Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0802	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0803	Win32k Privilege Escalation Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0849	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0853	GDI+ Remote Code Execution Vulnerability	Critical
Microsoft JET Database Engine	CVE-2019-0846	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft JET Database Engine	CVE-2019-0847	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft JET Database Engine	CVE-2019-0851	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft JET Database Engine	CVE-2019-0877	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft JET Database Engine	CVE-2019-0879	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0822	Microsoft Graphics Components Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0823	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0824	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0825	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0826	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0827	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0801	Office Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0828	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2019-0830	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2019-0831	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0739	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0812	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0829	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0752	Scripting Engine Memory Corruption Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0753	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0806	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0810	Chakra Scripting Engine Memory Corruption Vulnerability	Moderate
Microsoft Scripting Engine	CVE-2019-0835	Microsoft Scripting Engine Information Disclosure Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0860	Chakra Scripting Engine Memory Corruption Vulnerability	Moderate
Microsoft Scripting Engine	CVE-2019-0861	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0862	Scripting Engine Memory Corruption Vulnerability	Important
Microsoft Windows	CVE-2019-0794	OLE Automation Remote Code Execution Vulnerability	Important
Microsoft Windows	CVE-2019-0805	Windows Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0838	Windows Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2019-0839	Windows Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2019-0840	Windows Kernel Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2019-0841	Windows Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0842	Windows VBScript Engine Remote Code Execution Vulnerability	Important
Microsoft Windows	CVE-2019-0845	Windows IOleCvt Interface Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2019-0848	Win32k Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2019-0685	Win32k Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0688	Windows TCP/IP Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2019-0730	Windows Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0731	Windows Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0732	Windows Security Feature Bypass Vulnerability	Important
Microsoft Windows	CVE-2019-0796	Windows Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0814	Win32k Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2019-0836	Windows Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0837	DirectX Information Disclosure Vulnerability	Important
Microsoft XML	CVE-2019-0790	MS XML Remote Code Execution Vulnerability	Critical
Microsoft XML	CVE-2019-0791	MS XML Remote Code Execution Vulnerability	Critical
Microsoft XML	CVE-2019-0792	MS XML Remote Code Execution Vulnerability	Critical
Microsoft XML	CVE-2019-0793	MS XML Remote Code Execution Vulnerability	Critical
Microsoft XML	CVE-2019-0795	MS XML Remote Code Execution Vulnerability	Critical
Open Source Software	CVE-2019-0876	Open Enclave SDK Information Disclosure Vulnerability	Important
Servicing Stack Updates	ADV990001	Latest Servicing Stack Updates	Critical
Team Foundation Server	CVE-2019-0857	Azure DevOps Server Spoofing Vulnerability	Important
Team Foundation Server	CVE-2019-0866	Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability	Important
Team Foundation Server	CVE-2019-0867	Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability	Important
Team Foundation Server	CVE-2019-0868	Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability	Important
Team Foundation Server	CVE-2019-0869	Azure DevOps Server HTML Injection Vulnerability	Important
Team Foundation Server	CVE-2019-0870	Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability	Important
Team Foundation Server	CVE-2019-0871	Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability	Important
Team Foundation Server	CVE-2019-0874	Azure DevOps Server Cross-site Scripting Vulnerability	Important
Team Foundation Server	CVE-2019-0875	Azure DevOps Server Privilege Escalation Vulnerability	Important
Windows Admin Center	CVE-2019-0813	Windows Admin Center Privilege Escalation Vulnerability	Important
Windows Kernel	CVE-2019-0844	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2019-0856	Windows Remote Code Execution Vulnerability	Important
Windows Kernel	CVE-2019-0859	Win32k Privilege Escalation Vulnerability	Important
Windows SMB Server	CVE-2019-0786	SMB Server Privilege Escalation Vulnerability	Critical

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Download: ‘s April 2019 Patches Fix 76 Vulnerabilities