April 2019 Patch Tuesday: Microsoft Fixes 74 Vulnerabilities

Microsoft has released fixes for 74 vulnerabilities on April 2019 Patch Tuesday, two of which are being actively exploited in the wild.

The two zero-day Windows vulnerabilities that are being actively exploited are CVE-2019-0803 and CVE-2019-0859. Both are elevation of privilege vulnerabilities caused by how the Win32k component handles objects in memory. If exploited, an attacker could execute malicious code in kernel mode and view, alter, or delete data, create a new account with admin rights, and install programs.

These flaws affect all versions of Windows, although attacks appear to have only been conducted on older Windows versions. Both of these flaws have been rated Important, even though they are being actively exploited.

13 vulnerabilities have been rated critical and affect Microsoft Windows, Windows SMB Server, Microsoft Graphics Component, Microsoft Scripting Engine, and Microsoft XML. Two advisories have also been issued (Adobe Flash Player; Servicing Stack Updates), both of which have also been rated critical.

7 of the critical updates are remote code execution (RCE) vulnerabilities, 5 are memory corruption vulnerabilities, and one is an elevation of privilege vulnerability.

CVE-2019-0853 is one of the most serious RCE flaws. It affects the Windows Graphic Design Interface (GDI+), which is used by multiple Microsoft products including Windows and Microsoft Office. If exploited, an attacker could take full control of a vulnerable system. The flaw could be exploited by convincing a user to visit a specially crafted web page or by tricking a user into opening a malicious email attachment.

The other critical RCE flaws are CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0794, and CVE-2019-0795, all of which affect Microsoft XML, and CVE-2019-0845, which affects Microsoft Windows.

The five critical memory corruption vulnerabilities are CVE-2019-0739, CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, and CVE-2019-0861, all of which affect Microsoft Scripting Engine. The critical Windows SMB Server elevation of privilege vulnerability is CVE-2019-0786.

Microsoft has also released non-security related updates this Patch Tuesday. The cumulative updates are being rolled out for all supported Windows versions.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news