Published on: 10 April 2019
Microsoft has released security updates addressing multiple vulnerabilities and which affect several Microsoft products or components. The list of security updates can be found at:
https://support.microsoft.com/en-us/help/20190409/security-update-deployment-information-april-9-2019
Reports indicate active exploitation against the vulnerabilities in Microsoft Windows (CVE-2019-0803 and CVE-2019-0859) have been observed. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
A complete list of the affected products can be found at:
- https://portal.msrc.microsoft.com/en-us/security-guidance
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, information disclosure, security feature bypass, elevation of privilege, spoofing, tampering and denial of service.
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d
https://support.microsoft.com/en-us/help/20190409/security-update-deployment-information-april-9-2019
https://www.hkcert.org/my_url/en/alert/19041001
https://www.us-cert.gov/ncas/current-activity/2019/04/09/Microsoft-Releases-April-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0730 (to CVE-2019-0732)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0790 (to CVE-2019-0796)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0801 (to CVE-2019-0803)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0812 (to CVE-2019-0815)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0822 (to CVE-2019-0831)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0835 (to CVE-2019-0842)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0844 (to CVE-2019-0849)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0856 (to CVE-2019-0862)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0866 (to CVE-2019-0871)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0874 (to CVE-2019-0877)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0879