Posted: 27 Min ReadThreat Intelligence

Microsoft Patch Tuesday – April 2019

This month the vendor has patched 74 vulnerabilities, 14 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft Exchange
  • Microsoft Windows
  • XML Core Service
  • Graphics Device Interface (GDI)
  • LUA File Virtualization Filter Driver (Luafv.sys)
  • Jet Database Engine
  • Azure DevOps Server
  • Team Foundation Server
  • ASP.NET
  • Open Enclave Software Development Kit

     

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0739) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0753) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0806) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0810) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0812) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0860) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0861) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0829) MS Rating: Critical

    A memory-corruption vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Microsoft Edge Information Disclosure Vulnerability (CVE-2019-0833) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Edge handles objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Microsoft Browsers Tampering Vulnerability (CVE-2019-0764) MS Rating: Important

    A tampering vulnerability exists when Microsoft browsers fails to properly validate input under specific conditions. An attacker can exploit this issue to pass custom command line parameters.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752) MS Rating: Important

    A memory-corruption vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Microsoft Scripting Engine Information Disclosure Vulnerability (CVE-2019-0835) MS Rating: Important

    An information disclosure vulnerability exists when the scripting engine handles objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0842) MS Rating: Important

    A remote code execution vulnerability exists in the way that the VBScript scripting engine handles objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0862) MS Rating: Important

    A remote code execution vulnerability exists in the way that the VBScript scripting engine handles objects in memory. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability would allow an attacker to gain the same user rights as the current user.

     

    VBScript Remote Code Execution Vulnerability (CVE-2019-0794) MS Rating: Important

    A remote code execution vulnerability exists in the way that the VBScript scripting engine handles objects in memory. An attacker can exploit this issue to gain access to the affected system. Successful exploitation of this vulnerability requires an attacker to host a specially crafted website designed to invoke VBScript through a web browser.

     

  2. Cumulative Security Update for Microsoft Office

    Office Remote Code Execution Vulnerability (CVE-2019-0801) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files. Successful exploitation of this vulnerability requires an attacker to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.

     

    Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0823) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

     

    Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0824) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

     

    Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0825) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

     

    Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0826) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

     

    Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0827) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that causes arbitrary code execution on the affected system.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0830) MS Rating: Important

    A cross-site-scripting vulnerability exists when Microsoft SharePoint Server fails to properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0831) MS Rating: Important

    A cross-site-scripting vulnerability exists when Microsoft SharePoint Server fails to properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-0828) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker can exploit this vulnerability to run arbitrary code in the context of the current user.

     

  3. Cumulative Security Update for Microsoft Exchange

    Microsoft Exchange Spoofing Vulnerability (CVE-2019-0817) MS Rating: Important

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker can exploit this vulnerability to perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services. Successful exploitation of this vulnerability requires an attacker to send a specially crafted email containing a malicious link to a user, or use a chat client to social-engineer a user into clicking the malicious link.

     

    Microsoft Exchange Spoofing Vulnerability (CVE-2019-0858) MS Rating: Important

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker can exploit this vulnerability to perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services. Successful exploitation of this vulnerability requires an attacker to send a specially crafted email containing a malicious link to a user, or use a chat client to social-engineer a user into clicking the malicious link.

     

  4. Cumulative Security Update for Microsoft Windows Kernel

    Win32k Elevation of Privilege Vulnerability (CVE-2019-0685) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

     

    Win32k Elevation of Privilege Vulnerability (CVE-2019-0859) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

     

    Win32k Elevation of Privilege Vulnerability (CVE-2019-0803) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

     

    Win32k Information Disclosure Vulnerability (CVE-2019-0814) MS Rating: Important

    An information disclosure vulnerability exists when the Win32k component fails to properly provide kernel information. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0840) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

     

    Win32k Information Disclosure Vulnerability (CVE-2019-0848) MS Rating: Important

    An information disclosure vulnerability exists when the Win32k component fails to properly provide kernel information. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0844) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

     

  5. Cumulative Security Update for Microsoft Windows

    SMB Server Elevation of Privilege Vulnerability (CVE-2019-0786) MS Rating: Critical

    A privilege escalation vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker can exploit this vulnerability to bypass certain security checks in the operating system.

     

    Windows IOleCvt Interface Remote Code Execution Vulnerability (CVE-2019-0845) MS Rating: Critical

    A remote code execution vulnerability exists when the IOleCvt interface renders ASP web page content. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user's system. Successful exploitation of this vulnerability requires an attacker to host a specially crafted website designed to render malicious ASP pages through a web browser.

     

    Windows Admin Center Elevation of Privilege Vulnerability (CVE-2019-0813) MS Rating: Important

    A privilege escalation vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations. An attacker can exploit this vulnerability to gain elevated privileges.

     

    Windows Security Feature Bypass Vulnerability (CVE-2019-0732) MS Rating: Important

    A security bypass vulnerability exists in Windows because Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to circumvent a User Mode Code Integrity (UMCI) policy on the machine to bypass Device Guard. Successful exploitation of this vulnerability requires an attacker to first access the local machine, and then run a malicious program.

     

    Windows TCP/IP Information Disclosure Vulnerability (CVE-2019-0688) MS Rating: Important

    An information disclosure vulnerability exists when the Windows TCP/IP stack fails to properly handle fragmented IP packets. An attacker can exploit this vulnerability to obtain information to further compromise the user's system. Successful exploitation of this vulnerability requires an attacker to send specially crafted fragmented IP packets to a remote Windows computer.

     

    DirectX Information Disclosure Vulnerability (CVE-2019-0837) MS Rating: Important

    An information disclosure vulnerability exists when DirectX fails to properly handle objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system. An authenticated attacker can exploit this vulnerability by running a specially crafted application.

     

    Windows Information Disclosure Vulnerability (CVE-2019-0838) MS Rating: Important

    An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.

     

    Windows Information Disclosure Vulnerability (CVE-2019-0839) MS Rating: Important

    An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker can exploit this vulnerability to obtain information to further compromise a user's system. Successful exploitation of this vulnerability requires an attacker to log on to an affected system and run a specially crafted application.

     

    NTFS Elevation of Privilege Vulnerability (CVE-2019-0841) MS Rating: Important

    A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) fails to properly handle hard links. An attacker can exploit this vulnerability to run processes in an elevated context. An attacker could then install programs and view, change, or delete data. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control of an affected system.

     

    Windows Remote Code Execution Vulnerability (CVE-2019-0856) MS Rating: Important

    A remote code execution vulnerability exists when Windows fails to properly handle objects in memory. An attacker who successfully exploits these vulnerabilities could take control of an affected system. Successful exploitation of the vulnerabilities require an attacker to first log on to the target system and then run a specially crafted application.

     

    Windows CSRSS Elevation of Privilege Vulnerability (CVE-2019-0735) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker can exploit this vulnerability to run arbitrary code.

     

  6. Security Update for Microsoft XML Core Services

    MS XML Remote Code Execution Vulnerability (CVE-2019-0791) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user's system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

     

    MS XML Remote Code Execution Vulnerability (CVE-2019-0792) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user's system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

     

    MS XML Remote Code Execution Vulnerability (CVE-2019-0793) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user's system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

     

    MS XML Remote Code Execution Vulnerability (CVE-2019-0790) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user's system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

     

    MS XML Remote Code Execution Vulnerability (CVE-2019-0795) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker can exploit this vulnerability to run malicious code remotely to take control of the user's system. Successful exploitation of the vulnerability requires an attacker to host a specially crafted website designed to invoke MSXML through a web browser.

     

  7. Security Update for Windows Graphics Device Interface (GDI)

    GDI+ Remote Code Execution Vulnerability (CVE-2019-0853) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker can exploit this vulnerability to take control of the affected system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0802) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system. An attacker can exploit this vulnerability by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0849) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system. An attacker can exploit this vulnerability by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.

     

    Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2019-0822) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a target system. Successful exploitation of this vulnerability requires an attacker to open a specially crafted file.

     

  8. Security Update for Windows LUA File Virtualization Filter Driver (Luafv.sys)

    Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0730) MS Rating: Important

    A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

     

    Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0731) MS Rating: Important

    A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

     

    Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0796) MS Rating: Important

    A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

     

    Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0805) MS Rating: Important

    A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

     

    Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0836) MS Rating: Important

    A privilege escalation vulnerability exists when Windows fails to properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit this vulnerability to run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation of this vulnerability requires an attacker to first log on to the system. An attacker could then run a specially crafted application that can exploit this vulnerability and take control over an affected system.

     

  9. Security Update for Jet Database Engine

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0846) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0847) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0851) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0877) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0879) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine fails to properly handle objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system. An attacker can exploit this vulnerability by enticing a victim to open a specially crafted file.

     

  10. Security Update for Azure DevOps Server and Team Foundation Server

    Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0866) MS Rating: Important

    A cross-site scripting vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

     

    Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0867) MS Rating: Important

    A cross-site scripting vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

     

    Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0868) MS Rating: Important

    A cross-site scripting vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

     

    Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0870) MS Rating: Important

    A cross-site scripting vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

     

    Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0871) MS Rating: Important

    A cross-site scripting vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

     

    Azure DevOps Server Elevation of Privilege Vulnerability (CVE-2019-0875) MS Rating: Important

    A privilege escalation vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker can exploit this issue to add GitHub repos to a project without having the proper access granted to their account.

     

    Azure DevOps Server Cross-site Scripting Vulnerability (CVE-2019-0874) MS Rating: Important

    A cross-site scripting vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

     

    Azure DevOps Server Spoofing Vulnerability (CVE-2019-0857) MS Rating: Important

    A spoofing vulnerability that could allow a security bypass exists in Azure DevOps Server when it does not properly sanitize user-provided input. An attacker who exploits the vulnerability could trick a user into loading a page containing malicious content. An authenticated attacker can exploit this vulnerability by sending a specially crafted payload to the Team Foundation Server, which would get executed in the context of the user every time a user visits the compromised page. To exploit the bypass, an attacker can leverage any external source in the script-src to embed malicious script by bypassing Content Security Policy (CSP).

     

    Azure DevOps Server HTML Injection Vulnerability (CVE-2019-0869) MS Rating: Important

    A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests. An attacker can exploit this vulnerability to perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or the vulnerability could be used as a pivot to chain an attack with other vulnerabilities in web services. Successful exploitation of this vulnerability requires an attacker to create a popup to harvest information or present a user with a malicious link.

     

  11. Security Update for Microsoft ASP.NET

    ASP.NET Core Denial of Service Vulnerability (CVE-2019-0815) MS Rating: Important

    A denial of service (DoS) vulnerability exists when ASP.NET Core fails to properly handle web requests. An attacker can exploit this vulnerability to cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to the .NET Core application.

     

  12. Security Update for Open Enclave Software Development Kit

    Open Enclave SDK Information Disclosure Vulnerability (CVE-2019-0876) MS Rating: Important

    An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory. An attacker can exploit this vulnerability to obtain information stored in the Enclave. Successful exploitation of this vulnerability requires an attacker to successfully compromise the host application running the enclave. The attacker can then pivot to the enclave and exploit this vulnerability without user interaction.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Himanshu Mehta

Senior Threat Analysis Engineer

Himanshu is a senior member of Symantec's Cyber Security Services organization. An active contributor to numerous security communities, he frequently provides insight on vulnerabilities and shares his knowledge by writing reports, blogs, and journals.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.