Zero Days Fixed in April’s Patch Tuesday

Thursday, April 11, 2019 @ 03:04 PM gHale

Patch Tuesday this month had Microsoft handling 74 vulnerabilities, two of which were Zero Days and 15 labeled critical.

The Zero Day fixes were in Windows and they were undergoing active exploitation.

RELATED STORIES
Patch Tuesday: 2 Zero Days Fixed
Adobe Fixes Critical Security Holes
Adobe Fixes ColdFusion Hole
Adobe Clears Zero Day, Multiple Holes

The Zero Days are CVE-2019-0803 and CVE-2019-0859 and they are in Windows 7 all the way to the latest version of Windows 10, including multiple versions of Windows Server. Both issues relate to elevation of privilege vulnerabilities that occur when the Win32k component fails to properly handle objects in memory.

Microsoft said an attacker who successfully leverages the vulnerability could end up running arbitrary code in kernel mode, which could lead to the bad guy implementing programs and then change, view or delete information. They could also end up creating new accounts with full user rights.

In addition to the Zero Days, there were also some Adobe Flash holes, which could lead to information disclosure and arbitrary code execution and affects the Flash Player across macOS, Linux and ChromeOS, as well as Windows.

In addition to the Zero Days and the Adobe problems, Microsoft had a few other significant issues.

There are three Microsoft Office Access Connectivity remotely exploitable bugs (CVE-2019-0824, CVE-2019-0825, CVE-2019-0827) that can allow attackers to execute code.



Leave a Reply

You must be logged in to post a comment.