Webinar Library
Welcome to this April Patch Tuesday Bulletin. This month there are 74 unique CVE’s, 5 products with critical rated vulnerabilities and 2 vulnerabilities exploited in the wild. Pay close attention to CVE-2019-0803 and CVE-2019-0859 since they are both Windows privilege escalation vulnerabilities being exploited in the wild. In order to exploit these vulnerabilities an attacker would need to login to the system and then run an application that could exploit the vulnerability thus giving the attacker control of the system. These are both zero-day vulnerabilities so we recommend that you patch these as soon as possible. Regarding the Adobe vulnerability ADV190011, you can find more detailed from Adobe here.
Hey folks, if you’ve been enjoying my Active Directory security trainings, I’d love to meet you in-person at The Experts Conference, August 27-28 in Charleston, SC, where I'll be delivering a keynote session and a hybrid AD breakout session as well as taking your questions 1:1 in the Experts Bar. Here's a link to the whole conference to see all the sessions from me and other AD and Office 365 security experts. NOTE: they have a $300 early-early bird savings if you register by April 30, 2019.
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Internet Explorer
IE 9,10,11
Critical
CVE-2019-0752 CVE-2019-0753 CVE-2019-0764 CVE-2019-0835 CVE-2019-0862
Workaround: No Exploited: No Public: No
Remote Code Execution Information Disclosure Tampering
Edge
CVE-2019-0739 CVE-2019-0764 CVE-2019-0806 CVE-2019-0810 CVE-2019-0812 CVE-2019-0829 CVE-2019-0833 CVE-2019-0860 CVE-2019-0861
Windows
Windows 7, 8.1, 8.1 RT, 10
Windows Admin Center
Server 2008/2008 R2
Sever 2012, 2012 R2
Server 2016
Server 2019
CVE-2019-0685 CVE-2019-0688 CVE-2019-0730 CVE-2019-0731 CVE-2019-0732 CVE-2019-0735 CVE-2019-0786 CVE-2019-0790 CVE-2019-0791 CVE-2019-0792 CVE-2019-0793 CVE-2019-0794 CVE-2019-0795 CVE-2019-0796 CVE-2019-0802 CVE-2019-0803 CVE-2019-0805 CVE-2019-0813 CVE-2019-0814 CVE-2019-0836 CVE-2019-0837 CVE-2019-0838 CVE-2019-0839 CVE-2019-0840 CVE-2019-0841 CVE-2019-0842 CVE-2019-0844 CVE-2019-0845 CVE-2019-0846 CVE-2019-0847 CVE-2019-0848 CVE-2019-0849 CVE-2019-0851 CVE-2019-0853 CVE-2019-0856 CVE-2019-0859 CVE-2019-0877 CVE-2019-0879
Workaround: No
Exploited: Yes
Public: No
Information Disclosure
Elevation of Privilege
Remote Code Execution
Security Feature Bypass
Office
Excel 2010, 2013, 2016
Office 2010, 2013, 2016, 2019
2016, 2019 for Mac
Office 365 ProPlus
Important
CVE-2019-0801 CVE-2019-0822 CVE-2019-0823 CVE-2019-0824 CVE-2019-0825 CVE-2019-0826 CVE-2019-0827 CVE-2019-0828
Exploited: No
Exchange
Server 2010 SP3 2013 CU22 2016 CU11, CU12 2019, 2019 CU1
CVE-2019-0817 CVE-2019-0858
Spoofing
SharePoint
Enterprise Server 2013 SP1, 2016 Foundation 2010 SP2, 2013 SP1 Server 2010 SP2, 2019
CVE-2019-0830 CVE-2019-0831
ChakraCore
All
CVE-2019-0739 CVE-2019-0806 CVE-2019-0810 CVE-2019-0812 CVE-2019-0829 CVE-2019-0860 CVE-2019-0861
Team Foundation Server
2015 Update 4.2
2017 Update 3.1
2018 Update 1.2, 3.2
CVE-2019-0866 CVE-2019-0867 CVE-2019-0868 CVE-2019-0870 CVE-2019-0871
Adobe Flash Player
ADV190011
Workaround: Yes Exploited: No Public: No
ASP.NET
Core 2.2
CVE-2019-0815
Denial of Service
Azure
DevOps Server 2019, Linux Guest Agent
CVE-2019-0804 CVE-2019-0857 CVE-2019-0866 CVE-2019-0867 CVE-2019-0868 CVE-2019-0869 CVE-2019-0870 CVE-2019-0871 CVE-2019-0874 CVE-2019-0875
Spoofing Elevation of Privilege Information Disclosure
Open Enclave SDK
CVE-2019-0876
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.