Microsoft’s April 2019 Patches Fix 76 Vulnerabilities Threat Alert

Microsoft’s April 2019 Patches Fix 76 Vulnerabilities Threat Alert

April 18, 2019 | Mina Hao

Overview

Microsoft released April 2019 security patches on Tuesday that fix 76 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, Adobe Flash Player, CSRSS, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Open Source Software, Servicing Stack Updates, Team Foundation Server, Windows Admin Center, Windows Kernel, and Windows SMB Server.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
.NET Core CVE-2019-0815 ASP.NET Core Denial-of-Service Vulnerability Important
Adobe Flash Player ADV190011 April 2019 Adobe Flash Security Update Critical
CSRSS CVE-2019-0735 Windows CSRSS Privilege Escalation Vulnerability Important
Microsoft Browsers CVE-2019-0764 Microsoft Browsers Tampering Vulnerability Low
Microsoft Edge CVE-2019-0833 Microsoft Edge Information Disclosure Vulnerability Important
Microsoft Exchange Server CVE-2019-0858 Microsoft Exchange Spoofing Vulnerability Important
Microsoft Exchange Server CVE-2019-0817 Microsoft Exchange Spoofing Vulnerability Important
Microsoft Graphics Component CVE-2019-0802 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0803 Win32k Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-0849 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0853 GDI+ Remote Code Execution Vulnerability Critical
Microsoft JET Database Engine CVE-2019-0846 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0847 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0851 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0877 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0879 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0822 Microsoft Graphics Components Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0823 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0824 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0825 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0826 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0827 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0801 Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0828 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2019-0830 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-0831 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2019-0739 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0812 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0829 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0752 Scripting Engine Memory Corruption Vulnerability Important
Microsoft Scripting Engine CVE-2019-0753 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0806 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0810 Chakra Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0835 Microsoft Scripting Engine Information Disclosure Vulnerability Important
Microsoft Scripting Engine CVE-2019-0860 Chakra Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0861 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0862 Scripting Engine Memory Corruption Vulnerability Important
Microsoft Windows CVE-2019-0794 OLE Automation Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0805 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0838 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0839 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0840 Windows Kernel Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0841 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0842 Windows VBScript Engine Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0845 Windows IOleCvt Interface Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2019-0848 Win32k Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0685 Win32k Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0688 Windows TCP/IP Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0730 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0731 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0732 Windows Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-0796 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0814 Win32k Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0836 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0837 DirectX Information Disclosure Vulnerability Important
Microsoft XML CVE-2019-0790 MS XML Remote Code Execution Vulnerability Critical
Microsoft XML CVE-2019-0791 MS XML Remote Code Execution Vulnerability Critical
Microsoft XML CVE-2019-0792 MS XML Remote Code Execution Vulnerability Critical
Microsoft XML CVE-2019-0793 MS XML Remote Code Execution Vulnerability Critical
Microsoft XML CVE-2019-0795 MS XML Remote Code Execution Vulnerability Critical
Open Source Software CVE-2019-0876 Open Enclave SDK Information Disclosure Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Team Foundation Server CVE-2019-0857 Azure DevOps Server Spoofing Vulnerability Important
Team Foundation Server CVE-2019-0866 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0867 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0868 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0869 Azure DevOps Server HTML Injection Vulnerability Important
Team Foundation Server CVE-2019-0870 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0871 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0874 Azure DevOps Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0875 Azure DevOps Server Privilege Escalation Vulnerability Important
Windows Admin Center CVE-2019-0813 Windows Admin Center Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-0844 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0856 Windows Remote Code Execution Vulnerability Important
Windows Kernel CVE-2019-0859 Win32k Privilege Escalation Vulnerability Important
Windows SMB Server CVE-2019-0786 SMB Server Privilege Escalation Vulnerability Critical

 

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Download: ‘s April 2019 Patches Fix 76 Vulnerabilities