Today’s VERT Alert addresses Microsoft’s April 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-825 on Wednesday, April 10th.
In-The-Wild & Disclosed CVEs
CVE-2019-0803
This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.
CVE-2019-0859
This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in kernel mode, giving them full control over the system. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index for their latest software release and a 0 (Exploitation Detected) on older software releases.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Team Foundation Server | 9 | CVE-2019-0857, CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0869, CVE-2019-0870, CVE-2019-0871, CVE-2019-0874, CVE-2019-0875 |
| CSRSS | 1 | CVE-2019-0735 |
| Open Source Software | 1 | CVE-2019-0876 |
| Microsoft JET Database Engine | 5 | CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879 |
| Windows SMB Server | 1 | CVE-2019-0786 |
| Microsoft Windows | 18 | CVE-2019-0794, CVE-2019-0805, CVE-2019-0838, CVE-2019-0839, CVE-2019-0840, CVE-2019-0841, CVE-2019-0842, CVE-2019-0845, CVE-2019-0848, CVE-2019-0685, CVE-2019-0688, CVE-2019-0730, CVE-2019-0731, CVE-2019-0732, CVE-2019-0796, CVE-2019-0814, CVE-2019-0836, CVE-2019-0837 |
| Microsoft Edge | 1 | CVE-2019-0833 |
| Microsoft Graphics Component | 4 | CVE-2019-0802, CVE-2019-0803, CVE-2019-0849, CVE-2019-0853 |
| Microsoft Scripting Engine | 11 | CVE-2019-0739, CVE-2019-0812, CVE-2019-0829, CVE-2019-0752, CVE-2019-0753, CVE-2019-0806, CVE-2019-0810, CVE-2019-0835, CVE-2019-0860, CVE-2019-0861, CVE-2019-0862 |
| Microsoft Browsers | 1 | CVE-2019-0764 |
| Windows Kernel | 3 | CVE-2019-0844, CVE-2019-0856, CVE-2019-0859 |
| Windows Admin Center | 1 | CVE-2019-0813 |
| Microsoft Exchange Server | 2 | CVE-2019-0858, CVE-2019-0817 |
| Microsoft XML | 5 | CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795 |
| Microsoft Office | 8 | CVE-2019-0822, CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827, CVE-2019-0801, CVE-2019-0828 |
| .NET Core | 1 | CVE-2019-0815 |
| Microsoft Office SharePoint | 2 | CVE-2019-0830, CVE-2019-0831 |
Other Information
In addition to the Microsoft vulnerabilities included in the April Security Guidance, an Adobe Flash bulletin is available today.
April 2019 Adobe Flash Update [ADV190011]
Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-19, which includes fixes for CVE-2019-7108 and CVE-2019-7096,