Microsoft 9 kwietnia 2019 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 74 poprawki bezpieczeństwa, w tym 15 poprawek oznaczonych jako krytyczne.

Aktualizacje naprawiają luki m.in. w:

  • .NET Core
  • Adobe Flash Player
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Scripting Engine
  • Microsoft Office
  • Microsoft Visual Studio
  • Team Foundation Server
  • Windows Kernel

Najistotniejszymi podatnościami, które zostały naprawione są:

CVE-2019-0803, CVE-2019-0859składnik Win32k nie obsługuje poprawnie obiektów w pamięci. Wykorzystanie podatności umożliwia atakującym  instalacje programów, przeglądanie, dokonywanie zmian lub usuwanie danych lub tworzenie nowych uprzywilejowanych kont użytkownika.

Poniżej przedstawiamy szczegółowe zestawienie aktualizacji:

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
ASP.NET Core Denial of Service Vulnerability
CVE-2019-0815 No No Less Likely Less Likely Important    
April 2019 Adobe Flash Security Update
ADV190011 No No Critical    
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2019-0875 No No Less Likely Less Likely Important    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-0812 No No Critical 4.2 3.8
CVE-2019-0829 No No Critical 4.2 3.8
CVE-2019-0806 No No Critical 4.2 3.8
CVE-2019-0810 No No Critical 4.2 3.8
CVE-2019-0860 No No Critical 4.2 3.8
CVE-2019-0861 No No Critical 4.2 3.8
DirectX Information Disclosure Vulnerability
CVE-2019-0837 No No Less Likely Less Likely Important 5.5 5.0
GDI+ Remote Code Execution Vulnerability
CVE-2019-0853 No No Less Likely Less Likely Critical 7.8 7.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0846 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0847 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0851 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0877 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-0879 No No Less Likely Less Likely Important 7.8 7.0
Latest Servicing Stack Updates
ADV990001 No No Critical    
MS XML Remote Code Execution Vulnerability
CVE-2019-0790 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0791 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0792 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2019-0793 No No More Likely More Likely Critical 7.8 7.0
CVE-2019-0795 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Browsers Tampering Vulnerability
CVE-2019-0764 No No Less Likely Less Likely Important 2.4 2.2
Microsoft Edge Information Disclosure Vulnerability
CVE-2019-0833 No No Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-0828 No No Less Likely Less Likely Important    
Microsoft Exchange Spoofing Vulnerability
CVE-2019-0858 No No Less Likely Less Likely Important    
CVE-2019-0817 No No Less Likely Less Likely Important    
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2019-0822 No No More Likely More Likely Important    
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2019-0823 No No Important    
CVE-2019-0824 No No Less Likely Less Likely Important    
CVE-2019-0825 No No Less Likely Less Likely Important    
CVE-2019-0826 No No Less Likely Less Likely Important    
CVE-2019-0827 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-0830 No No Less Likely Less Likely Important    
CVE-2019-0831 No No Less Likely Less Likely Important    
Microsoft Scripting Engine Information Disclosure Vulnerability
CVE-2019-0835 No No Less Likely Less Likely Important 4.3 3.9
OLE Automation Remote Code Execution Vulnerability
CVE-2019-0794 No No More Likely More Likely Important 7.8 7.0
Office Remote Code Execution Vulnerability
CVE-2019-0801 No No More Likely More Likely Important    
Open Enclave SDK Information Disclosure Vulnerability
CVE-2019-0876 No No Important    
SMB Server Elevation of Privilege Vulnerability
CVE-2019-0786 No No Less Likely Less Likely Critical 7.8 7.0
Scripting Engine Memory Corruption Vulnerability
CVE-2019-0739 No No Critical 4.2 3.8
CVE-2019-0752 No No More Likely More Likely Important 6.4 5.8
CVE-2019-0753 No No More Likely More Likely Critical 6.4 5.8
CVE-2019-0862 No No More Likely More Likely Important    
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-0866 No No Less Likely Less Likely Important    
CVE-2019-0867 No No Less Likely Less Likely Important    
CVE-2019-0868 No No Less Likely Less Likely Important    
CVE-2019-0870 No No Less Likely Less Likely Important    
CVE-2019-0871 No No Less Likely Less Likely Important    
CVE-2019-0874 No No Important    
Team Foundation Server HTML Injection Vulnerability
CVE-2019-0869 No No Less Likely Less Likely Important    
Team Foundation Server Spoofing Vulnerability
CVE-2019-0857 No No Important    
Win32k Elevation of Privilege Vulnerability
CVE-2019-0803 No Yes Detected More Likely Important 7.0 6.3
CVE-2019-0685 No No More Likely More Likely Important 7.8 7.0
CVE-2019-0859 No Yes Detected More Likely Important 7.8 7.0
Win32k Information Disclosure Vulnerability
CVE-2019-0848 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0814 No No More Likely More Likely Important 4.7 4.2
Windows Admin Center Elevation of Privilege Vulnerability
CVE-2019-0813 No No Important    
Windows CSRSS Elevation of Privilege Vulnerability
CVE-2019-0735 No No More Likely More Likely Important 7.0 6.3
Windows Elevation of Privilege Vulnerability
CVE-2019-0805 No No More Likely More Likely Important 6.7 6.0
CVE-2019-0841 No No Less Likely Less Likely Important 6.8 6.1
CVE-2019-0730 No No More Likely More Likely Important 6.7 6.0
CVE-2019-0731 No No More Likely More Likely Important 6.8 6.1
CVE-2019-0796 No No More Likely More Likely Important 6.3 5.7
CVE-2019-0836 No No More Likely More Likely Important 7.0 6.3
Windows GDI Information Disclosure Vulnerability
CVE-2019-0802 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0849 No No Less Likely Less Likely Important 4.7 4.2
Windows IOleCvt Interface Remote Code Execution Vulnerability
CVE-2019-0845 No No Less Likely Less Likely Critical 7.5 6.7
Windows Information Disclosure Vulnerability
CVE-2019-0838 No No Less Likely Less Likely Important 6.6 5.9
CVE-2019-0839 No No Less Likely Less Likely Important 4.4 4.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-0840 No No More Likely More Likely Important 5.5 5.0
CVE-2019-0844 No No More Likely More Likely Important 5.5 5.0
Windows Remote Code Execution Vulnerability
CVE-2019-0856 No No Less Likely Less Likely Important 7.3 6.6
Windows Security Feature Bypass Vulnerability
CVE-2019-0732 No No More Likely More Likely Important 5.3 4.8
Windows TCP/IP Information Disclosure Vulnerability
CVE-2019-0688 No No Less Likely Less Likely Important 5.3 4.9
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2019-0842 No No Less Likely Less Likely Important 6.4 5.8