Microsoft security updates for April 2019 released under patch tuesday with the fixes of 74 vulnerabilities including 2 Zero-day vulnerabilities that are actively being exploited in Wide.

Microsoft marked 15 vulnerabilities as “Critical” that affected different Microsoft products and the users are urged to apply the patch immediately to protect your Windows system.

Microsoft April security patch release consists of security updates for the following software:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • ASP.NET
  • Microsoft Exchange Server
  • Team Foundation Server
  • Azure DevOps Server
  • Open Enclave SDK
  • Windows Admin Center

Two of the Tuesday zero-day vulnerabilities CVE-2019-0803 and CVE-2019-0859 already being exploited in the wild that causes unauthorized elevation of privilege, and affect all supported versions of Windows.

First one reported by Win32K Elevation of Privilege Vulnerability Alibaba Cloud Intelligence Security Team and the successfully exploited this vulnerability could run arbitrary code in kernel mode.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Second Vulnerability spotted by Kaspersky research team, “An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode .

Download Free E-book to learn about complete Enterprise Security Implementation & Mitigation Steps – Download Free-Ebook Here.

Microsoft security updates List

Microsoft Windows

Microsoft Windows CVE-2019-0840 Windows Kernel Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0838 Windows Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0796 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0839 Windows Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0836 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0837 DirectX Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0794 OLE Automation Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0814 Win32k Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0805 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0848 Win32k Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0730 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0688 Windows TCP/IP Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0845 Windows IOleCvt Interface Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0685 Win32k Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0842 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0841 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0731 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0732 Windows Security Feature Bypass Vulnerability

Microsoft Script Engine

Microsoft Scripting Engine CVE-2019-0752 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0861 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0862 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0860 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0835 Microsoft Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2019-0753 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0806 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0739 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0810 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0812 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0829 Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Office

Microsoft Office CVE-2019-0826 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0801 Office Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0823 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0828 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0822 Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0827 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0824 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0825 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft JET Database Engine

Microsoft JET Database Engine CVE-2019-0851 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0879 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0877 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0847 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0846 Jet Database Engine Remote Code Execution Vulnerability

Microsoft Graphics Component

Microsoft Graphics Component CVE-2019-0803 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-0802 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0849 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0853 GDI+ Remote Code Execution Vulnerability

Microsoft XML

Microsoft XML CVE-2019-0793 MS XML Remote Code Execution Vulnerability
Microsoft XML CVE-2019-0791 MS XML Remote Code Execution Vulnerability
Microsoft XML CVE-2019-0790 MS XML Remote Code Execution Vulnerability
Microsoft XML CVE-2019-0792 MS XML Remote Code Execution Vulnerability
Microsoft XML CVE-2019-0795 MS XML Remote Code Execution Vulnerability

Team Foundation Server

eam Foundation Server CVE-2019-0870 Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server CVE-2019-0869 Team Foundation Server HTML Injection Vulnerability
Team Foundation Server CVE-2019-0868 Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server CVE-2019-0874 Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server CVE-2019-0871 Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server CVE-2019-0875 Azure DevOps Server Elevation of Privilege Vulnerability
Team Foundation Server CVE-2019-0867 Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server CVE-2019-0857 Team Foundation Server Spoofing Vulnerability
Team Foundation Server CVE-2019-0866 Team Foundation Server Cross-site Scripting Vulnerability

Windows Kernel

Windows Kernel CVE-2019-0856 Windows Remote Code Execution Vulnerability
Windows Kernel CVE-2019-0859 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-0844 Windows Kernel Information Disclosure Vulnerability

Other Microsoft Products

.NET Core CVE-2019-0815 ASP.NET Core Denial of Service Vulnerability
Adobe Flash Player ADV190011 April 2019 Adobe Flash Security Update
CSRSS CVE-2019-0735 Windows CSRSS Elevation of Privilege Vulnerability
Microsoft Browsers CVE-2019-0764 Microsoft Browsers Tampering Vulnerability
Microsoft Edge CVE-2019-0833 Microsoft Edge Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2019-0817 Microsoft Exchange Spoofing Vulnerability
Microsoft Exchange Server CVE-2019-0858 Microsoft Exchange Spoofing Vulnerability

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.