OnlyFm252
Patch Tuesday Archive

Patch Tuesday April 2019

Total CVEs

75

Critical

16

Important

55

Exploited

2

Publicly Disclosed

0

All CVEs this month 75

CVE Title Severity CVSS Product Exploited Disclosed
ADV190011 April 2019 Adobe Flash Security Update Critical - Adobe Flash Player - -
CVE-2019-0739 Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-0786 Hyper-V vSMB Remote Code Execution Vulnerability Critical 7.8 Windows SMB Server - -
CVE-2019-0790 MS XML Remote Code Execution Vulnerability Critical 7.8 Microsoft XML - -
CVE-2019-0791 MS XML Remote Code Execution Vulnerability Critical 7.8 Microsoft XML - -
CVE-2019-0792 MS XML Remote Code Execution Vulnerability Critical 7.8 Microsoft XML - -
CVE-2019-0793 MS XML Remote Code Execution Vulnerability Critical 7.8 Microsoft XML - -
CVE-2019-0795 MS XML Remote Code Execution Vulnerability Critical 7.8 Microsoft XML - -
CVE-2019-0806 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-0810 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-0812 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-0829 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-0845 Windows IOleCvt Interface Remote Code Execution Vulnerability Critical 7.5 Microsoft Windows - -
CVE-2019-0853 GDI+ Remote Code Execution Vulnerability Critical 7.8 Microsoft Graphics Component - -
CVE-2019-0860 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-0861 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-0685 Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-0688 Windows TCP/IP Information Disclosure Vulnerability Important 5.3 Microsoft Windows - -
CVE-2019-0730 Windows Elevation of Privilege Vulnerability Important 6.7 Microsoft Windows - -
CVE-2019-0731 Windows Elevation of Privilege Vulnerability Important 6.8 Microsoft Windows - -
CVE-2019-0732 Windows Security Feature Bypass Vulnerability Important 5.3 Microsoft Windows - -
CVE-2019-0735 Windows CSRSS Elevation of Privilege Vulnerability Important 7 CSRSS - -
CVE-2019-0764 Microsoft Browsers Tampering Vulnerability Important 6.3 Microsoft Browsers - -
CVE-2019-0794 OLE Automation Remote Code Execution Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-0796 Windows Elevation of Privilege Vulnerability Important 6.3 Microsoft Windows - -
CVE-2019-0801 Office Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0802 Windows GDI Information Disclosure Vulnerability Important 4.7 Microsoft Graphics Component - -
CVE-2019-0803 Win32k Elevation of Privilege Vulnerability Important 7 Microsoft Graphics Component Yes -
CVE-2019-0805 Windows Elevation of Privilege Vulnerability Important 6.7 Microsoft Windows - -
CVE-2019-0813 Windows Admin Center Elevation of Privilege Vulnerability Important - Windows Admin Center - -
CVE-2019-0814 Win32k Information Disclosure Vulnerability Important 4.7 Microsoft Windows - -
CVE-2019-0815 ASP.NET Core Denial of Service Vulnerability Important - .NET Core - -
CVE-2019-0817 Microsoft Exchange Spoofing Vulnerability Important - Microsoft Exchange Server - -
CVE-2019-0822 Microsoft Graphics Components Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0823 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0824 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0825 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0826 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0827 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0828 Microsoft Excel Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-0830 Microsoft Office SharePoint XSS Vulnerability Important - Microsoft Office SharePoint - -
CVE-2019-0831 Microsoft Office SharePoint XSS Vulnerability Important - Microsoft Office SharePoint - -
CVE-2019-0833 Microsoft Edge based on Edge HTML Information Disclosure Vulnerability Important 4.3 Microsoft Edge - -
CVE-2019-0836 Windows Elevation of Privilege Vulnerability Important 7 Microsoft Windows - -
CVE-2019-0837 DirectX Information Disclosure Vulnerability Important 5.5 Microsoft Windows - -
CVE-2019-0838 Windows Information Disclosure Vulnerability Important 6.6 Microsoft Windows - -
CVE-2019-0839 Windows Information Disclosure Vulnerability Important 4.4 Microsoft Windows - -
CVE-2019-0840 Windows Kernel Information Disclosure Vulnerability Important 5.5 Microsoft Windows - -
CVE-2019-0841 Windows Elevation of Privilege Vulnerability Important 6.8 Microsoft Windows - -
CVE-2019-0842 Windows VBScript Engine Remote Code Execution Vulnerability Important 6.4 Microsoft Windows - -
CVE-2019-0844 Windows Kernel Information Disclosure Vulnerability Important 5.5 Windows Kernel - -
CVE-2019-0846 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 Microsoft JET Database Engine - -
CVE-2019-0847 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 Microsoft JET Database Engine - -
CVE-2019-0848 Win32k Information Disclosure Vulnerability Important 4.7 Microsoft Windows - -
CVE-2019-0849 Windows GDI Information Disclosure Vulnerability Important 4.7 Microsoft Graphics Component - -
CVE-2019-0851 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 Microsoft JET Database Engine - -
CVE-2019-0856 Windows Remote Code Execution Vulnerability Important 6.6 Windows Kernel - -
CVE-2019-0857 Azure DevOps Server Spoofing Vulnerability Important - Team Foundation Server - -
CVE-2019-0858 Microsoft Exchange Spoofing Vulnerability Important - Microsoft Exchange Server - -
CVE-2019-0859 Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Kernel Yes -
CVE-2019-0866 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important - Team Foundation Server - -
CVE-2019-0867 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important - Team Foundation Server - -
CVE-2019-0868 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important - Team Foundation Server - -
CVE-2019-0869 Azure DevOps Server HTML Injection Vulnerability Important - Team Foundation Server - -
CVE-2019-0870 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important - Team Foundation Server - -
CVE-2019-0871 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important - Team Foundation Server - -
CVE-2019-0874 Azure DevOps Server Cross-site Scripting Vulnerability Important - Team Foundation Server - -
CVE-2019-0875 Azure DevOps Server Elevation of Privilege Vulnerability Important - Team Foundation Server - -
CVE-2019-0876 Open Enclave SDK Information Disclosure Vulnerability Important - Open Source Software - -
CVE-2019-0877 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 Microsoft JET Database Engine - -
CVE-2019-0879 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 Microsoft JET Database Engine - -
CVE-2019-0753 Scripting Engine Memory Corruption Vulnerability Moderate 7.5 Microsoft Scripting Engine - -
CVE-2019-0752 Scripting Engine Memory Corruption Vulnerability Low 7.5 Microsoft Scripting Engine - -
CVE-2019-0835 Microsoft Scripting Engine Information Disclosure Vulnerability Low 4.3 Microsoft Scripting Engine - -
CVE-2019-0862 Scripting Engine Memory Corruption Vulnerability Low - Microsoft Scripting Engine - -

    Threat Categories 7

    Threat Category CVEs Critical
    Remote Code Execution 35 16
    Information Disclosure 13 -
    Elevation of Privilege 12 -
    Spoofing 12 -
    Security Feature Bypass 1 -
    Tampering 1 -
    Denial of Service 1 -

    Affected Products 18

    Product CVEs Exploited
    Microsoft Windows 18 -
    Microsoft Scripting Engine 11 -
    Team Foundation Server 9 -
    Microsoft Office 8 -
    Microsoft XML 5 -
    Microsoft JET Database Engine 5 -
    Microsoft Graphics Component 4 1
    Windows Kernel 3 1
    Microsoft Exchange Server 2 -
    Microsoft Office SharePoint 2 -
    Adobe Flash Player 1 -
    Windows SMB Server 1 -
    CSRSS 1 -
    Microsoft Browsers 1 -
    Windows Admin Center 1 -
    .NET Core 1 -
    Microsoft Edge 1 -
    Open Source Software 1 -