Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

Microsoft today released its April 2019 software updates to
address a total of 74 CVE-listed vulnerabilities in its Windows
operating systems and other products, 13 of which are rated
Critical and the rest Important in severity.

April 2019 security updates address flaws in Windows OS,
Internet Explorer, Edge, MS Office, and MS Office Services and Web
Apps, ChakraCore, Exchange Server, .NET Framework and ASP.NET,
Skype for Business, Azure DevOps Server, Open Enclave SDK, Team
Foundation Server, and Visual Studio.

None of the vulnerabilities addressed this month by the tech
giant were disclosed publicly at the time of release, leaving the
two recently disclosed zero-day flaws [1] in Internet Explorer and
Edge browsers still open for hackers.

However, two new privilege escalation vulnerabilities, which affect
all supported versions of the Windows operating system, have been
reported as being actively exploited in the wild.

Both rated as Important, the flaws (CVE-2019-0803 and
CVE-2019-0859) reside in the Win32k component of the Windows
operating system and could be exploited by attackers to run
arbitrary code in kernel mode on a targeted computer.

Just last month, Microsoft patched two similar vulnerabilities in
the Win32k [2] component that were also being exploited in targeted
attacks by several threat actors, including FruityArmor and SandCat.

Besides this, Microsoft also released updates to patch 13
critical vulnerabilities, and as expected, all of the
critical-rated vulnerabilities lead to remote code execution
attacks, except one elevation of privilege flaw in Windows Server
Message Block (SMB) Server.

All critical vulnerabilities primarily impact various versions
of the Windows 10 operating system and Server editions, and reside
in ChakraCore Scripting Engine, Microsoft XML Core Services, SMB
Server, Windows IOleCvt Interface, and Windows Graphics Device
Interface (GDI).

Many important-rated vulnerabilities also lead to remote code
execution attacks, while others allow elevation of privilege,
information disclosure, cross-site scripting (XSS), spoofing and
denial of service attacks.

Users and system administrators are strongly advised to apply
the latest security patches as soon as possible to keep
cybercriminals and hackers from taking control of their
computers.

To install the latest security updates, go to
Settings → Update & Security → Windows Update → Check for updates
on your computer, or install the updates manually.

To address problematic updates on Windows 10 devices,
Microsoft last month also introduced a safety measure that automatically
uninstalls buggy software updates [3] installed on your system if
your OS detects a startup failure.

Adobe also rolled out security updates today to fix 40 security
vulnerabilities [4] in several of its products. Users of the affected
Adobe software for Windows, macOS, Linux, and Chrome OS are advised
to update their software packages to the latest versions.

References

  1. disclosed zero-day flaws (thehackernews.com)
  2. two similar vulnerabilities in the Win32k (thehackernews.com)
  3. automatically uninstalls buggy software updates (thehackernews.com)
  4. fix 40 security vulnerabilities (thehackernews.com)
