April 2019 Patch Tuesday is here, consisting of fixes for 74 vulnerabilities.
Note that two of the flaws (CVE-2019-0803 and CVE-2019-0859, see details below) are actively exploited in attacks in the wild. 13 of the vulnerabilities are rated critical, and 61 are important.
This month’s patches address issues in several Microsoft products and services, such as Internet Explorer, Edge, ChakraCore, Windows, Microsoft Office / Office Services and Web Apps, .NET and ASP.NET, Exchange Server, Visual Studio, Skype for Business, Azure DevOps Server, Open Enclave SDK, and Team Foundation Server.
More about CVE-2019-0803 and CVE-2019-0859
CVE-2019-0803 and CVE-2019-0859 are Win32k privilege escalation vulnerabilities which are nearly identical to other flaws patched last month.
CVE-2019-0803 is an elevation of privilege vulnerability in Windows which is triggered when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits the flaw could run arbitrary code in kernel mode. This would enable the attacker to install programs, and perform other malicious activities such as viewing, changing, or deleting data, or even creating new accounts with full user rights.
CVE-2019-0859 is also an elevation of privilege vulnerability which exists in Windows when the Win32k component fails to properly handle objects in memory, researchers said.
In short, both vulnerabilities give an attacker elevated privileges without authorization, which enables a range of malicious activities with full user rights.
More about CVE-2019-0853 and CVE-2019-0688
These are two other vulnerabilities which deserve more attention.
CVE-2019-0853 is described as a GDI+ remote code execution vulnerability. As explained by Trend Micro researchers, “a number of Microsoft programs, notably the OS and Office suite, use the GDI+ component. Discovered by ZDI’s Hossein Lotfi, this vulnerability occurs when parsing EMF file records. A specially crafted EMF file record can trigger access of an uninitialized pointer, which allows an attacker to execute arbitrary code.”
CVE-2019-0688 is a Windows TCP/IP information disclosure vulnerability which concerns the issue of IP fragmentation. The vulnerability resides in the Windows TCP/IP stack, and it could allow information disclosure through improper handling of fragmented IP packets. The flaw could expose data such as SAS tokens and resource IDs, researchers warned.