Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s April 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-825 on Wednesday, April 10th.

In-The-Wild & Disclosed CVEs 

CVE-2019-0803

This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.

CVE-2019-0859

This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Team Foundation Server
9
CVE-2019-0857, CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0869, CVE-2019-0870, CVE-2019-0871, CVE-2019-0874, CVE-2019-0875
CSRSS
1
CVE-2019-0735
Open Source Software
1
CVE-2019-0876
Microsoft JET Database Engine
5
CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879
Windows SMB Server
1
CVE-2019-0786
Microsoft Windows
18
CVE-2019-0794, CVE-2019-0805, CVE-2019-0838, CVE-2019-0839, CVE-2019-0840, CVE-2019-0841, CVE-2019-0842, CVE-2019-0845, CVE-2019-0848, CVE-2019-0685, CVE-2019-0688, CVE-2019-0730, CVE-2019-0731, CVE-2019-0732, CVE-2019-0796, CVE-2019-0814, CVE-2019-0836, CVE-2019-0837
Microsoft Edge
1
CVE-2019-0833
Microsoft Graphics Component
4
CVE-2019-0802, CVE-2019-0803, CVE-2019-0849, CVE-2019-0853
Microsoft Scripting Engine
11
CVE-2019-0739, CVE-2019-0812, CVE-2019-0829, CVE-2019-0752, CVE-2019-0753, CVE-2019-0806, CVE-2019-0810, CVE-2019-0835, CVE-2019-0860, CVE-2019-0861, CVE-2019-0862
Microsoft Browsers
1
CVE-2019-0764
Windows Kernel
3
CVE-2019-0844, CVE-2019-0856, CVE-2019-0859
Windows Admin Center
1
CVE-2019-0813
Microsoft Exchange Server
2
CVE-2019-0858, CVE-2019-0817
Microsoft XML
5
CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795
Microsoft Office
8
CVE-2019-0822, CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827, CVE-2019-0801, CVE-2019-0828
.NET Core
1
CVE-2019-0815
Microsoft Office SharePoint
2
CVE-2019-0830, CVE-2019-0831

 

Other Information

In addition to the Microsoft vulnerabilities included in the April Security Guidance, an Adobe Flash bulletin is available today.

April 2019 Adobe Flash Update [ADV190011]

Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-19, which includes fixes for CVE-2019-7108 and CVE-2019-7096,

The Executive's Guide to the Top 20 Critical Security Controls