Microsoft April Patch Tuesday fixed 76 security vulnerabilities
Microsoft released the April Patch Tuesday on April 9. This security update fixed many vulnerabilities which cover the code execution/privilege escalation vulnerability of Windows and several core components of Windows (Windows, win32k, LUAFV, CSRSS, MSXML, VSScript).
Product | CVE number | CVE title | Severity |
.NET Core | CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability | Important |
Adobe Flash Player | ADV190011 | April 2019 Adobe Flash Security Update | Critical |
CSRSS | CVE-2019-0735 | Windows CSRSS Privilege Escalation Vulnerability | Important |
Microsoft Browsers | CVE-2019-0764 | Microsoft Browsers Tampering Vulnerability | Low |
Microsoft Edge | CVE-2019-0833 | Microsoft Edge Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2019-0858 | Microsoft Exchange Spoofing Vulnerability | Important |
Microsoft Exchange Server | CVE-2019-0817 | Microsoft Exchange Spoofing Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0802 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0803 | Win32k Privilege Escalation Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0849 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability | Critical |
Microsoft JET Database Engine | CVE-2019-0846 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0847 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0851 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0877 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0879 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0822 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0823 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0824 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0825 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0826 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0827 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0801 | Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-0828 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-0830 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-0831 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-0739 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0812 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0829 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0752 | Scripting Engine Memory Corruption Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-0753 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0806 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0810 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-0835 | Microsoft Scripting Engine Information Disclosure Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-0860 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-0861 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0862 | Scripting Engine Memory Corruption Vulnerability | Important |
Microsoft Windows | CVE-2019-0794 | OLE Automation Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2019-0805 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-0838 | Windows Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-0839 | Windows Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-0840 | Windows Kernel Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-0841 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-0842 | Windows VBScript Engine Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-0848 | Win32k Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-0685 | Win32k Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-0688 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-0730 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-0731 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-0732 | Windows Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2019-0796 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-0814 | Win32k Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-0836 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-0837 | DirectX Information Disclosure Vulnerability | Important |
Microsoft XML | CVE-2019-0790 | MS XML Remote Code Execution Vulnerability | Critical |
Microsoft XML | CVE-2019-0791 | MS XML Remote Code Execution Vulnerability | Critical |
Microsoft XML | CVE-2019-0792 | MS XML Remote Code Execution Vulnerability | Critical |
Microsoft XML | CVE-2019-0793 | MS XML Remote Code Execution Vulnerability | Critical |
Microsoft XML | CVE-2019-0795 | MS XML Remote Code Execution Vulnerability | Critical |
Open Source Software | CVE-2019-0876 | Open Enclave SDK Information Disclosure Vulnerability | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
Team Foundation Server | CVE-2019-0857 | Azure DevOps Server Spoofing Vulnerability | Important |
Team Foundation Server | CVE-2019-0866 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-0867 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-0868 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-0869 | Azure DevOps Server HTML Injection Vulnerability | Important |
Team Foundation Server | CVE-2019-0870 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-0871 | Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-0874 | Azure DevOps Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-0875 | Azure DevOps Server Privilege Escalation Vulnerability | Important |
Windows Admin Center | CVE-2019-0813 | Windows Admin Center Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2019-0844 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-0856 | Windows Remote Code Execution Vulnerability | Important |
Windows Kernel | CVE-2019-0859 | Win32k Privilege Escalation Vulnerability | Important |
Windows SMB Server | CVE-2019-0786 | SMB Server Privilege Escalation Vulnerability | Critical |
In view of the serious impact of the multiple vulnerabilities fixed this month, some PoC is published. So as not to be attacked by hackers and malware, we recommend that users repair as soon as possible.