Microsoft Patch Tuesday Fixes Windows Bugs Under Attack

The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild.

Microsoft today issued its April batch of security fixes, which patches 74 vulnerabilities including two Windows zero-days under active attack.
CVE-2019-0803
and
CVE-2019-0859
both patch Windows elevation of privilege bugs found exploited in the wild. Microsoft describes both patches in a similar manner: In short, a vulnerability exists when the Win32k component doesnt properly handle objects in memory. An attacker could exploit this to run malicious code in kernel mode and install programs; view, change, or delete data; or create a new account with full user rights.
If this sounds familiar, its likely because
last months
Patch Tuesday also addressed two zero-day elevation-of-privilege vulnerabilities in Windows. Both were rated Important in severity, enabling an attacker with system access to increase their privileges and take over the system.
This has been a trend in several Patch Tuesday releases, where researchers have reported Win32k elevation of privilege bugs leveraged by attackers as zero-days, which begs the question of just how many of these vulnerabilities attackers have stockpiled, notes Satnam Narang, senior research engineer at Tenable, in response to todays security updates.
As in March, one of these flaws (CVE-2019-0859) was reported by Kaspersky Lab. CVE-2019-0803 was found by the Alibaba Cloud Intelligence Security Team. Both are classified as Important in severity. There is no indication of how the bugs are being used in the wild; however, the discovery by Kaspersky Labs is a sign either or both could have been used in targeted malware.
Windows zero-days aside, a few other patches warrant attention to this month. One of these is
CVE-2019-0853
, a GDI+ remote code execution (RCE) bug categorized as Critical. A bug exists in how the Windows Graphic Design Interface handles objects in memory. Attackers who successfully exploit the bug could take over an affected system, and they could do so by tricking people into visiting a malicious website or downloading a bad attachment.
Several Microsoft products, including Windows and the Office suite, use the GDI+ component. Given how this bug can be exploited remotely, security admins are advised to prioritize this one when rolling out updates.
Among the other remote code execution vulnerabilities patched this month is
CVE-2019-0822
, an RCE flaw that exists in the way the Microsoft Graphics Components handle objects in memory. To exploit it, an attacker could send the victim a specially crafted file. There are also a handful of RCE bugs (
CVE-2019-0824
,
CVE-2019-0825
,
CVE-2019-0826
,
CVE-2019-0827
) that exist when Microsoft Office Access Connectivity Engine improperly handles objects in memory.
Related Content:
A New Approach to Application Security Testing
$20 Million Investment Round Shows Growth of Risk Assessment Market
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
8 Steps to More Effective Small Business Security

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Microsoft Patch Tuesday Fixes Windows Bugs Under Attack