April 2019 Patch Tuesday is here, consisting of fixes for 74 vulnerabilities.
Note that two of the flaws (CVE-2019-0803 and CVE-2019-0859, see the details below) are actively exploited in attacks in the wild. 13 of the vulnerabilities are rated critical, and 61 are important.
This month's patches address issues in several Microsoft products and services, such as Internet Explorer, Edge, ChakraCore, Windows, Microsoft Office / Office Services and Web Apps, .NET and ASP.NET, Exchange Server, Visual Studio, Skype for Business, Azure DevOps Server, Open Enclave SDK, and Team Foundation Server.
More about CVE-2019-0803 and CVE-2019-0859
CVE-2019-0803 and CVE-2019-0859 are Win32k privilege escalation vulnerabilities which are nearly identical to other flaws patched last month.
CVE-2019-0803 is an elevation of privilege vulnerability in Windows which is triggered when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits the flaw could run arbitrary code in kernel mode. This would enable the attacker to install programs, and perform other malicious activities such as viewing, changing, or deleting data, or even creating new accounts with full user rights.
CVE-2019-0859 is also an elevation of privilege vulnerability which exists in Windows when the Win32k component fails to properly handle objects in memory, researchers said.
In short, both vulnerabilities give an attacker elevated privileges without authorization, which enables a range of malicious activities with full user rights.
More about CVE-2019-0853 and CVE-2019-0688
These are two other vulnerabilities which deserve more attention.
CVE-2019-0853 is described as a GDI+ remote code execution vulnerability. As explained by TrendMicro researchers, “a number of Microsoft programs, notably the OS and Office suite, use the GDI+ component. Discovered by ZDI’s Hossein Lotfi, this vulnerability occurs when parsing EMF file records. A specially crafted EMF file record can trigger access of an uninitialized pointer, which allows an attacker to execute arbitrary code.”
CVE-2019-0688 is a Windows TCP/IP information disclosure vulnerability which concerns the issue of IP fragmentation. The vulnerability resides in the Windows TCP/IP stack, and it could allow information disclosure as a result of improper handling of fragmented IP packets. The flaw could expose data such as SAS tokens and resource IDs, researchers warned.