Tech

Microsoft's April Patch Tuesday comes with fixes for two Windows zero-days

April 2019 Patch Tuesday comes with 74 security fixes, including patches for two Windows zero-days.

Written by Catalin Cimpanu, Contributor April 9, 2019 at 12:09 p.m. PT

Today, Microsoft released its monthly batch of security updates known as Patch Tuesday. This month's security release addresses 74 vulnerabilities in a wide range of Microsoft products, including two actively exploited zero-days.

Security

This is the second month in a row that Microsoft has patched two zero-days, after patching two similar issues last month.

The Windows zero-days

The two zero-days patched this month are both the same kind of vulnerability. Both are elevation of privilege vulnerabilities impacting Win32k, a core component of the Windows operating system.

They are CVE-2019-0803 and CVE-2019-0859. Despite being discovered by two separate security teams -Alibaba Cloud Intelligence Security Team, and Kaspersky Lab, respectively- Microsoft describes the two zero-days in the same manner.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.

At the time of writing, no details are available about the two vulnerabilities, except the fact that they've been under active exploitation.

However, if we take into account that Kaspersky has reported to Microsoft six Windows Win32k elevation of privilege zero-days in the past six months, we can safely assume that CVE-2019-0859 is another zero-day exploited by a nation-state hacking group, just like all the zero-days Kaspersky has reported in the past.

Other notable security flaws

But besides the Windows zero-days, there are also other notable security bugs in Microsoft products that users should take note of and prepare to apply this month's patches.

For example, there are three Microsoft Office Access Connectivity bugs (CVE-2019-0824, CVE-2019-0825, CVE-2019-0827) that can allow attackers to execute code on vulnerable systems. All bugs can be exploited remotely, making all three issues dangerous in the context of an enterprise environment.

A similar remote code execution (CVE-2019-0853) also impacts the Windows GDI+ component when parsing EMF files. Taking into account that exploiting this vulnerability can be done by convincing users to visit a website or by emailing users malicious files, this, too, is a very serious issue that users should consider when deciding to apply or delay this month's patches.

Adobe and SAP also release updates.

Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it's also worth mentioning that Adobe and SAP also published their respective security updates earlier today.

More in-depth information on today's Patch Tuesday updates is available on Microsoft's official Security Update Guide portal. You can also consult the table embedded below, or to this Patch Tuesday report generated by ZDNet.

Tag	CVE ID	CVE Title
Servicing Stack Updates	ADV990001	Latest Servicing Stack Updates
Adobe Flash Player	ADV190011	April 2019 Adobe Flash Security Update
.NET Core	CVE-2019-0815	ASP.NET Core Denial of Service Vulnerability
CSRSS	CVE-2019-0735	Windows CSRSS Elevation of Privilege Vulnerability
Microsoft Browsers	CVE-2019-0764	Microsoft Browsers Tampering Vulnerability
Microsoft Edge	CVE-2019-0833	Microsoft Edge Information Disclosure Vulnerability
Microsoft Exchange Server	CVE-2019-0817	Microsoft Exchange Spoofing Vulnerability
Microsoft Exchange Server	CVE-2019-0858	Microsoft Exchange Spoofing Vulnerability
Microsoft Graphics Component	CVE-2019-0803	Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2019-0802	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2019-0849	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2019-0853	GDI+ Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2019-0851	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2019-0879	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2019-0877	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2019-0847	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2019-0846	Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0826	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0801	Office Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0823	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0828	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0822	Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0827	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0824	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0825	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2019-0831	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2019-0830	Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine	CVE-2019-0752	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0861	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0862	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0860	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0835	Microsoft Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine	CVE-2019-0753	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0806	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0739	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0810	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0812	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0829	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows	CVE-2019-0840	Windows Kernel Information Disclosure Vulnerability
Microsoft Windows	CVE-2019-0838	Windows Information Disclosure Vulnerability
Microsoft Windows	CVE-2019-0796	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0839	Windows Information Disclosure Vulnerability
Microsoft Windows	CVE-2019-0836	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0837	DirectX Information Disclosure Vulnerability
Microsoft Windows	CVE-2019-0794	OLE Automation Remote Code Execution Vulnerability
Microsoft Windows	CVE-2019-0814	Win32k Information Disclosure Vulnerability
Microsoft Windows	CVE-2019-0805	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0848	Win32k Information Disclosure Vulnerability
Microsoft Windows	CVE-2019-0730	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0688	Windows TCP/IP Information Disclosure Vulnerability
Microsoft Windows	CVE-2019-0845	Windows IOleCvt Interface Remote Code Execution Vulnerability
Microsoft Windows	CVE-2019-0685	Win32k Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0842	Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Windows	CVE-2019-0841	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0731	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0732	Windows Security Feature Bypass Vulnerability
Microsoft XML	CVE-2019-0793	MS XML Remote Code Execution Vulnerability
Microsoft XML	CVE-2019-0791	MS XML Remote Code Execution Vulnerability
Microsoft XML	CVE-2019-0790	MS XML Remote Code Execution Vulnerability
Microsoft XML	CVE-2019-0792	MS XML Remote Code Execution Vulnerability
Microsoft XML	CVE-2019-0795	MS XML Remote Code Execution Vulnerability
Open Source Software	CVE-2019-0876	Open Enclave SDK Information Disclosure Vulnerability
Team Foundation Server	CVE-2019-0870	Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server	CVE-2019-0869	Team Foundation Server HTML Injection Vulnerability
Team Foundation Server	CVE-2019-0868	Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server	CVE-2019-0874	Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server	CVE-2019-0871	Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server	CVE-2019-0875	Azure DevOps Server Elevation of Privilege Vulnerability
Team Foundation Server	CVE-2019-0867	Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server	CVE-2019-0857	Team Foundation Server Spoofing Vulnerability
Team Foundation Server	CVE-2019-0866	Team Foundation Server Cross-site Scripting Vulnerability
Windows Admin Center	CVE-2019-0813	Windows Admin Center Elevation of Privilege Vulnerability
Windows Kernel	CVE-2019-0856	Windows Remote Code Execution Vulnerability
Windows Kernel	CVE-2019-0859	Win32k Elevation of Privilege Vulnerability
Windows Kernel	CVE-2019-0844	Windows Kernel Information Disclosure Vulnerability
Windows SMB Server	CVE-2019-0786	SMB Server Elevation of Privilege Vulnerability