Microsoft’s latest April update, or “Patch Tuesday”, targets two zero-days that are being actively exploited.
Along with the two zero-days, the April 2019 update delivers patches for 15 vulnerabilities defined as critical, plus a further 59 fixes. The majority of the vulnerabilities affect Windows operating systems.
The two Win32K Elevation of Privilege vulnerabilities were identified by Moscow cybersecurity experts Kaspersky and the Alibaba Cloud security team.
The flaws allow a user’s access level to be raised without authorisation. Investigation has revealed that the flaws affect every supported version of Windows. The attacker must already have local access to the system, though, and either obtain or use kernel-level code execution privileges. The attack can be far-reaching, however: a patched remote code execution vulnerability could potentially be used in conjunction with these capabilities to gain total control over a system.
Along with the two zero-days addressed, a security researcher at Rapid7, Greg Wiseman, commented on other vulnerabilities that needed attention:
“There are bugs that should be patched as soon as possible, such as the eight vulnerabilities classified as critical in the scripting engine used by Microsoft browsers, and CVE-2019-0822 (an RCE in Microsoft Office that can be exploited by convincing a user to open a malicious file).”
Additional fixes from Microsoft for the April update
For April 2019, Microsoft has released a total of 15 updates, in which it resolves 74 individual common vulnerabilities and exposures. The updates affect both the Edge and Internet Explorer browsers, the Windows operating system, Exchange, Office and SharePoint.
Microsoft has also addressed a cross-site scripting vulnerability in SharePoint Server. This vulnerability, CVE-2019-0831, has the potential to give an attacker unauthorised access, enabling them to make use of the victim’s identity and exploit the victim’s permissions.
Patches are also supplied for a couple of previous spoofing attacks aimed at Microsoft Exchange Server, specifically its Outlook Web Access component. Several HTML flaws and cross-site scripting vulnerabilities have also been dealt with in Team Foundation Server.
Keeping in step with the latest threats and their fixes is a vital factor in keeping your system secure and free from potential attacks, so make sure your system is safe by applying patches and keeping good security practices in place.
It’s always wise to install Microsoft patches as soon as they become available. While maintaining functionality, ensure you run software with the least privileges necessary. When receiving files, check their source and, if it is unknown, avoid handling them whenever possible. Likewise, sites of questionable integrity are best avoided. Make sure external access to key systems remains denied unless specific access is authorised and required.
If your company has security concerns regarding vulnerabilities in the collaborative software it currently employs, contact our specialist team at WM Reply. We possess extensive knowledge of Microsoft technology and of putting it to work solving your business problems.