Microsoft выпустила пакет обновлений, устраняющих в общей сложности 74 бага
Microsoft выпустила пакет обновлений, устраняющих в общей сложности 74 бага
В рамках апрельского «вторника исправлений» компания Microsoft выпустила пакет обновлений, устраняющих в общей сложности 74 бага, включая две уязвимости нулевого дня, в различных продуктах. В минувшем месяце производитель такжеисправилдве уязвимости в Windows, активно атакуемые злоумышленниками.
Обе «свежие» проблемы (CVE-2019-0803 и CVE-2019-0859) представляют собой уязвимости повышения привилегий, затрагивающие компонент Win32k. Согласно описанию Microsoft, баг существует в связи с некорректной обработкой объектов в памяти, а его эксплуатация позволяет выполнить код в режиме ядра. В результате злоумышленник получит возможность устанавливать программы, просматривать, изменять или удалять данные, создавать новые учетные записи с полными правами и т.д. Для эксплуатации уязвимости атакующий должен авторизоваться в системе и запустить вредоносное приложение.
В каких именно атаках используются вышеуказанные уязвимости, компания не сообщила.
В числе прочих производитель устранил ряд критических уязвимостей в различных компонентах, в частности, CVE-2019-0824, CVE-2019-0825 и CVE-2019-0827 в СУБД Microsoft Access и CVE-2019-0853 в компоненте Windows GDI+
Полный список исправленных проблем
Microsoft CVE Summary
This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability |
| Adobe Flash Player | ADV190011 | April 2019 Adobe Flash Security Update |
| CSRSS | CVE-2019-0735 | Windows CSRSS Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2019-0764 | Microsoft Browsers Tampering Vulnerability |
| Microsoft Edge | CVE-2019-0833 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Exchange Server | CVE-2019-0817 | Microsoft Exchange Spoofing Vulnerability |
| Microsoft Exchange Server | CVE-2019-0858 | Microsoft Exchange Spoofing Vulnerability |
| Microsoft Graphics Component | CVE-2019-0803 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0802 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0849 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0851 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0879 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0877 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0847 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0846 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0826 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0801 | Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0823 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0828 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0822 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0827 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0824 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0825 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0831 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0830 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0752 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0861 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0862 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0860 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0835 | Microsoft Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0753 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0806 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0739 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0810 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0812 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0829 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2019-0840 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0838 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0796 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0839 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0836 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0837 | DirectX Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0794 | OLE Automation Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0814 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0805 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0848 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0730 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0688 | Windows TCP/IP Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0685 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0842 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0841 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0731 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0732 | Windows Security Feature Bypass Vulnerability |
| Microsoft XML | CVE-2019-0793 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0791 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0790 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0792 | MS XML Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0795 | MS XML Remote Code Execution Vulnerability |
| Open Source Software | CVE-2019-0876 | Open Enclave SDK Information Disclosure Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Team Foundation Server | CVE-2019-0870 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0869 | Team Foundation Server HTML Injection Vulnerability |
| Team Foundation Server | CVE-2019-0868 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0874 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0871 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0875 | Azure DevOps Server Elevation of Privilege Vulnerability |
| Team Foundation Server | CVE-2019-0867 | Team Foundation Server Cross-site Scripting Vulnerability |
| Team Foundation Server | CVE-2019-0857 | Team Foundation Server Spoofing Vulnerability |
| Team Foundation Server | CVE-2019-0866 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Admin Center | CVE-2019-0813 | Windows Admin Center Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-0856 | Windows Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2019-0859 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-0844 | Windows Kernel Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2019-0786 | SMB Server Elevation of Privilege Vulnerability |
