ISC Stormcast For Wednesday, April 10th 2019 https://isc.sans.edu/podcastdetail.html?id=6448

Microsoft April 2019 Patch Tuesday

Published: 2019-04-09. Last Updated: 2019-04-09 19:14:53 UTC
by Renato Marinho (Version: 1)
0 comment(s)

This month we got patches for 74 vulnerabilities total. From those, 16 are critical and 2 have been exploited in the wild.

Both exploited vulnerabilities (CVE-2019-0859 and CVE-2019-0803) are related to Win32k component which fails to properly handle objects in memory and may permit a local attacker to elevate privileges and execute arbitrary code in kernel mode. 

It is also worth mentioning a remote code execution vulnerability in GDI+ (Windows Graphics Device Interface) which affects the EMF (Enhanced MetaFile) parser. An attacker could exploit this vulnerability by convincing users to open specially crafted EML files in scenarios such as a file hosted on a web server or an e-mail attachment. Multiple Microsoft programs, especially Office suite, uses GDI+ component.

We got 5 vulnerabilities in the Jet Database Engine. Jet Database vulnerabilities are often exploitable via Office documents. But none of the vulnerabilities are labeled as critical. 

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
ASP.NET Core Denial of Service Vulnerability
CVE-2019-0815 No No Less Likely Less Likely Important    
April 2019 Adobe Flash Security Update
ADV190011 No No - - Critical    
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2019-0875 No No Less Likely Less Likely Important    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-0812 No No - - Critical 4.2 3.8
CVE-2019-0829 No No - - Critical 4.2 3.8
CVE-2019-0806 No No - - Critical 4.2 3.8
CVE-2019-0810 No No - - Critical 4.2 3.8
CVE-2019-0860 No No - - Critical 4.2 3.8
CVE-2019-0861 No No - - Critical 4.2 3.8
DirectX Information Disclosure Vulnerability
CVE-2019-0837 No No Less Likely Less Likely Important 5.5 5.0
GDI+ Remote Code Execution Vulnerability
CVE-2019-0853 No No Less Likely Less Likely Critical 7.8 7.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0846 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0847 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0851 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0877 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0879 No No Less Likely Less Likely Important 7.8 7.0
Latest Servicing Stack Updates
ADV990001 No No - - Critical    
MS XML Remote Code Execution Vulnerability
CVE-2019-0790 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0791 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0792 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0793 No No More Likely More Likely Critical 7.8 7.0
CVE-2019-0795 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Browsers Tampering Vulnerability
CVE-2019-0764 No No Less Likely Less Likely Important 2.4 2.2
Microsoft Edge Information Disclosure Vulnerability
CVE-2019-0833 No No - - Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-0828 No No Less Likely Less Likely Important    
Microsoft Exchange Spoofing Vulnerability
CVE-2019-0858 No No Less Likely Less Likely Important    
CVE-2019-0817 No No Less Likely Less Likely Important    
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2019-0822 No No More Likely More Likely Important    
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2019-0823 No No - - Important    
CVE-2019-0824 No No Less Likely Less Likely Important    
CVE-2019-0825 No No Less Likely Less Likely Important    
CVE-2019-0826 No No Less Likely Less Likely Important    
CVE-2019-0827 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-0830 No No Less Likely Less Likely Important    
CVE-2019-0831 No No Less Likely Less Likely Important    
Microsoft Scripting Engine Information Disclosure Vulnerability
CVE-2019-0835 No No Less Likely Less Likely Important 4.3 3.9
OLE Automation Remote Code Execution Vulnerability
CVE-2019-0794 No No More Likely More Likely Important 7.8 7.0
Office Remote Code Execution Vulnerability
CVE-2019-0801 No No More Likely More Likely Important    
Open Enclave SDK Information Disclosure Vulnerability
CVE-2019-0876 No No - - Important    
SMB Server Elevation of Privilege Vulnerability
CVE-2019-0786 No No Less Likely Less Likely Critical 7.8 7.0
Scripting Engine Memory Corruption Vulnerability
CVE-2019-0739 No No - - Critical 4.2 3.8
CVE-2019-0752 No No More Likely More Likely Important 6.4 5.8
CVE-2019-0753 No No More Likely More Likely Critical 6.4 5.8
CVE-2019-0862 No No More Likely More Likely Important    
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-0866 No No Less Likely Less Likely Important    
CVE-2019-0867 No No Less Likely Less Likely Important    
CVE-2019-0868 No No Less Likely Less Likely Important    
CVE-2019-0870 No No Less Likely Less Likely Important    
CVE-2019-0871 No No Less Likely Less Likely Important    
CVE-2019-0874 No No - - Important    
Team Foundation Server HTML Injection Vulnerability
CVE-2019-0869 No No Less Likely Less Likely Important    
Team Foundation Server Spoofing Vulnerability
CVE-2019-0857 No No - - Important    
Win32k Elevation of Privilege Vulnerability
CVE-2019-0803 No Yes Detected More Likely Important 7.0 6.3
CVE-2019-0685 No No More Likely More Likely Important 7.8 7.0
CVE-2019-0859 No Yes Detected More Likely Important 7.8 7.0
Win32k Information Disclosure Vulnerability
CVE-2019-0848 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0814 No No More Likely More Likely Important 4.7 4.2
Windows Admin Center Elevation of Privilege Vulnerability
CVE-2019-0813 No No - - Important    
Windows CSRSS Elevation of Privilege Vulnerability
CVE-2019-0735 No No More Likely More Likely Important 7.0 6.3
Windows Elevation of Privilege Vulnerability
CVE-2019-0805 No No More Likely More Likely Important 6.7 6.0
CVE-2019-0841 No No Less Likely Less Likely Important 6.8 6.1
CVE-2019-0730 No No More Likely More Likely Important 6.7 6.0
CVE-2019-0731 No No More Likely More Likely Important 6.8 6.1
CVE-2019-0796 No No More Likely More Likely Important 6.3 5.7
CVE-2019-0836 No No More Likely More Likely Important 7.0 6.3
Windows GDI Information Disclosure Vulnerability
CVE-2019-0802 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0849 No No Less Likely Less Likely Important 4.7 4.2
Windows IOleCvt Interface Remote Code Execution Vulnerability
CVE-2019-0845 No No Less Likely Less Likely Critical 7.5 6.7
Windows Information Disclosure Vulnerability
CVE-2019-0838 No No Less Likely Less Likely Important 6.6 5.9
CVE-2019-0839 No No Less Likely Less Likely Important 4.4 4.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-0840 No No More Likely More Likely Important 5.5 5.0
CVE-2019-0844 No No More Likely More Likely Important 5.5 5.0
Windows Remote Code Execution Vulnerability
CVE-2019-0856 No No Less Likely Less Likely Important 7.3 6.6
Windows Security Feature Bypass Vulnerability
CVE-2019-0732 No No More Likely More Likely Important 5.3 4.8
Windows TCP/IP Information Disclosure Vulnerability
CVE-2019-0688 No No Less Likely Less Likely Important 5.3 4.9
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2019-0842 No No Less Likely Less Likely Important 6.4 5.8

 

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:
0 comment(s)
ISC Stormcast For Tuesday, April 9th 2019 https://isc.sans.edu/podcastdetail.html?id=6446

Comments


Diary Archives