
SANS ISC: Microsoft April 2019 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums


Microsoft April 2019 Patch Tuesday

This month we got patches for 74 vulnerabilities in total. Of those, 16 are critical and 2 have been exploited in the wild.

Both exploited vulnerabilities (CVE-2019-0859 and CVE-2019-0803) are in the Win32k component, which fails to properly handle objects in memory and may permit a local attacker to elevate privileges and execute arbitrary code in kernel mode.

It is also worth mentioning a remote code execution vulnerability in GDI+ (Windows Graphics Device Interface) which affects the EMF (Enhanced MetaFile) parser. An attacker could exploit this vulnerability by convincing users to open specially crafted EMF files in scenarios such as a file hosted on a web server or an e-mail attachment. Multiple Microsoft programs, especially the Office suite, use the GDI+ component.

We got 5 vulnerabilities in the Jet Database Engine. Jet Database vulnerabilities are often exploitable via Office documents, but none of these vulnerabilities are labeled as critical.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
ASP.NET Core Denial of Service Vulnerability
CVE-2019-0815 No No Less Likely Less Likely Important    
April 2019 Adobe Flash Security Update
ADV190011 No No - - Critical    
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2019-0875 No No Less Likely Less Likely Important    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-0812 No No - - Critical 4.2 3.8
CVE-2019-0829 No No - - Critical 4.2 3.8
CVE-2019-0806 No No - - Critical 4.2 3.8
CVE-2019-0810 No No - - Critical 4.2 3.8
CVE-2019-0860 No No - - Critical 4.2 3.8
CVE-2019-0861 No No - - Critical 4.2 3.8
DirectX Information Disclosure Vulnerability
CVE-2019-0837 No No Less Likely Less Likely Important 5.5 5.0
GDI+ Remote Code Execution Vulnerability
CVE-2019-0853 No No Less Likely Less Likely Critical 7.8 7.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0846 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0847 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0851 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0877 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0879 No No Less Likely Less Likely Important 7.8 7.0
Latest Servicing Stack Updates
ADV990001 No No - - Critical    
MS XML Remote Code Execution Vulnerability
CVE-2019-0790 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0791 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0792 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0793 No No More Likely More Likely Critical 7.8 7.0
CVE-2019-0795 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Browsers Tampering Vulnerability
CVE-2019-0764 No No Less Likely Less Likely Important 2.4 2.2
Microsoft Edge Information Disclosure Vulnerability
CVE-2019-0833 No No - - Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-0828 No No Less Likely Less Likely Important    
Microsoft Exchange Spoofing Vulnerability
CVE-2019-0858 No No Less Likely Less Likely Important    
CVE-2019-0817 No No Less Likely Less Likely Important    
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2019-0822 No No More Likely More Likely Important    
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2019-0823 No No - - Important    
CVE-2019-0824 No No Less Likely Less Likely Important    
CVE-2019-0825 No No Less Likely Less Likely Important    
CVE-2019-0826 No No Less Likely Less Likely Important    
CVE-2019-0827 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-0830 No No Less Likely Less Likely Important    
CVE-2019-0831 No No Less Likely Less Likely Important    
Microsoft Scripting Engine Information Disclosure Vulnerability
CVE-2019-0835 No No Less Likely Less Likely Important 4.3 3.9
OLE Automation Remote Code Execution Vulnerability
CVE-2019-0794 No No More Likely More Likely Important 7.8 7.0
Office Remote Code Execution Vulnerability
CVE-2019-0801 No No More Likely More Likely Important    
Open Enclave SDK Information Disclosure Vulnerability
CVE-2019-0876 No No - - Important    
SMB Server Elevation of Privilege Vulnerability
CVE-2019-0786 No No Less Likely Less Likely Critical 7.8 7.0
Scripting Engine Memory Corruption Vulnerability
CVE-2019-0739 No No - - Critical 4.2 3.8
CVE-2019-0752 No No More Likely More Likely Important 6.4 5.8
CVE-2019-0753 No No More Likely More Likely Critical 6.4 5.8
CVE-2019-0862 No No More Likely More Likely Important    
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-0866 No No Less Likely Less Likely Important    
CVE-2019-0867 No No Less Likely Less Likely Important    
CVE-2019-0868 No No Less Likely Less Likely Important    
CVE-2019-0870 No No Less Likely Less Likely Important    
CVE-2019-0871 No No Less Likely Less Likely Important    
CVE-2019-0874 No No - - Important    
Team Foundation Server HTML Injection Vulnerability
CVE-2019-0869 No No Less Likely Less Likely Important    
Team Foundation Server Spoofing Vulnerability
CVE-2019-0857 No No - - Important    
Win32k Elevation of Privilege Vulnerability
CVE-2019-0803 No Yes Detected More Likely Important 7.0 6.3
CVE-2019-0685 No No More Likely More Likely Important 7.8 7.0
CVE-2019-0859 No Yes Detected More Likely Important 7.8 7.0
Win32k Information Disclosure Vulnerability
CVE-2019-0848 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0814 No No More Likely More Likely Important 4.7 4.2
Windows Admin Center Elevation of Privilege Vulnerability
CVE-2019-0813 No No - - Important    
Windows CSRSS Elevation of Privilege Vulnerability
CVE-2019-0735 No No More Likely More Likely Important 7.0 6.3
Windows Elevation of Privilege Vulnerability
CVE-2019-0805 No No More Likely More Likely Important 6.7 6.0
CVE-2019-0841 No No Less Likely Less Likely Important 6.8 6.1
CVE-2019-0730 No No More Likely More Likely Important 6.7 6.0
CVE-2019-0731 No No More Likely More Likely Important 6.8 6.1
CVE-2019-0796 No No More Likely More Likely Important 6.3 5.7
CVE-2019-0836 No No More Likely More Likely Important 7.0 6.3
Windows GDI Information Disclosure Vulnerability
CVE-2019-0802 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0849 No No Less Likely Less Likely Important 4.7 4.2
Windows IOleCvt Interface Remote Code Execution Vulnerability
CVE-2019-0845 No No Less Likely Less Likely Critical 7.5 6.7
Windows Information Disclosure Vulnerability
CVE-2019-0838 No No Less Likely Less Likely Important 6.6 5.9
CVE-2019-0839 No No Less Likely Less Likely Important 4.4 4.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-0840 No No More Likely More Likely Important 5.5 5.0
CVE-2019-0844 No No More Likely More Likely Important 5.5 5.0
Windows Remote Code Execution Vulnerability
CVE-2019-0856 No No Less Likely Less Likely Important 7.3 6.6
Windows Security Feature Bypass Vulnerability
CVE-2019-0732 No No More Likely More Likely Important 5.3 4.8
Windows TCP/IP Information Disclosure Vulnerability
CVE-2019-0688 No No Less Likely Less Likely Important 5.3 4.9
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2019-0842 No No Less Likely Less Likely Important 6.4 5.8

 

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
