Microsoft security updates for April 2019 released under patch tuesday with the fixes of 74 vulnerabilities including 2 Zero-day vulnerabilities that are actively being exploited in Wide.

Microsoft marked 15 vulnerabilities as “Critical” that affected different Microsoft products and the users are urged to apply the patch immediately to protect your Windows system.

Microsoft April security patch release consists of security updates for the following software:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • ASP.NET
  • Microsoft Exchange Server
  • Team Foundation Server
  • Azure DevOps Server
  • Open Enclave SDK
  • Windows Admin Center

Two of the Tuesday zero-day vulnerabilities CVE-2019-0803 and CVE-2019-0859 already being exploited in the wild that causes unauthorized elevation of privilege, and affect all supported versions of Windows.

First one reported by Win32K Elevation of Privilege Vulnerability Alibaba Cloud Intelligence Security Team and the successfully exploited this vulnerability could run arbitrary code in kernel mode.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Second Vulnerability spotted by Kaspersky research team, “An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode .

Download Free E-book to learn about complete Enterprise Security Implementation & Mitigation Steps – Download Free-Ebook Here.

Microsoft security updates List

Microsoft Windows

Microsoft WindowsCVE-2019-0840Windows Kernel Information Disclosure Vulnerability
Microsoft WindowsCVE-2019-0838Windows Information Disclosure Vulnerability
Microsoft WindowsCVE-2019-0796Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0839Windows Information Disclosure Vulnerability
Microsoft WindowsCVE-2019-0836Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0837DirectX Information Disclosure Vulnerability
Microsoft WindowsCVE-2019-0794OLE Automation Remote Code Execution Vulnerability
Microsoft WindowsCVE-2019-0814Win32k Information Disclosure Vulnerability
Microsoft WindowsCVE-2019-0805Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0848Win32k Information Disclosure Vulnerability
Microsoft WindowsCVE-2019-0730Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0688Windows TCP/IP Information Disclosure Vulnerability
Microsoft WindowsCVE-2019-0845Windows IOleCvt Interface Remote Code Execution Vulnerability
Microsoft WindowsCVE-2019-0685Win32k Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0842Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft WindowsCVE-2019-0841Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0731Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0732Windows Security Feature Bypass Vulnerability

Microsoft Script Engine

Microsoft Scripting EngineCVE-2019-0752Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0861Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0862Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0860Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0835Microsoft Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting EngineCVE-2019-0753Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0806Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0739Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0810Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0812Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0829Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Office

Microsoft OfficeCVE-2019-0826Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0801Office Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0823Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0828Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0822Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0827Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0824Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0825Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft JET Database Engine

Microsoft JET Database EngineCVE-2019-0851Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0879Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0877Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0847Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0846Jet Database Engine Remote Code Execution Vulnerability

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2019-0803Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2019-0802Windows GDI Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2019-0849Windows GDI Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2019-0853GDI+ Remote Code Execution Vulnerability

Microsoft XML

Microsoft XMLCVE-2019-0793MS XML Remote Code Execution Vulnerability
Microsoft XMLCVE-2019-0791MS XML Remote Code Execution Vulnerability
Microsoft XMLCVE-2019-0790MS XML Remote Code Execution Vulnerability
Microsoft XMLCVE-2019-0792MS XML Remote Code Execution Vulnerability
Microsoft XMLCVE-2019-0795MS XML Remote Code Execution Vulnerability

Team Foundation Server

eam Foundation ServerCVE-2019-0870Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation ServerCVE-2019-0869Team Foundation Server HTML Injection Vulnerability
Team Foundation ServerCVE-2019-0868Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation ServerCVE-2019-0874Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation ServerCVE-2019-0871Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation ServerCVE-2019-0875Azure DevOps Server Elevation of Privilege Vulnerability
Team Foundation ServerCVE-2019-0867Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation ServerCVE-2019-0857Team Foundation Server Spoofing Vulnerability
Team Foundation ServerCVE-2019-0866Team Foundation Server Cross-site Scripting Vulnerability

Windows Kernel

Windows KernelCVE-2019-0856Windows Remote Code Execution Vulnerability
Windows KernelCVE-2019-0859Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2019-0844Windows Kernel Information Disclosure Vulnerability

Other Microsoft Products

.NET CoreCVE-2019-0815ASP.NET Core Denial of Service Vulnerability
Adobe Flash PlayerADV190011April 2019 Adobe Flash Security Update
CSRSSCVE-2019-0735Windows CSRSS Elevation of Privilege Vulnerability
Microsoft BrowsersCVE-2019-0764Microsoft Browsers Tampering Vulnerability
Microsoft EdgeCVE-2019-0833Microsoft Edge Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2019-0817Microsoft Exchange Spoofing Vulnerability
Microsoft Exchange ServerCVE-2019-0858Microsoft Exchange Spoofing Vulnerability

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.