Microsoft's April 2019 Patch Tuesday release included fixes for 74 vulnerabilities, 15 of which were classified as critical. Most affect the Windows operating system itself, and two were already being actively exploited.
The actively exploited vulnerabilities were two Win32K Elevation of Privilege flaws, one of which was discovered by the Alibaba Cloud Intelligence Security Team and the other by Kaspersky Lab.
Both flaws can result in unauthorised elevation of privilege and affect all supported versions of Windows, although an attacker must already have local access to an affected system in order to use them to gain kernel-level code execution.
However, one of the 32 patched remote code execution (RCE) vulnerabilities could potentially be used with them in an exploit chain to obtain full control of a system.
"Aside from these zero-day privilege escalation flaws, it’s a fairly standard Patch Tuesday," said Greg Wiseman, senior security researcher for Rapid7, "which, of course, still means that there are bugs that should be patched as soon as possible, such as the eight vulnerabilities classified as critical in the scripting engine used by Microsoft browsers, and CVE-2019-0822 (an RCE in Microsoft Office that can be exploited by convincing a user to open a malicious file)."
Microsoft also patched a cross-site scripting (XSS) vulnerability in SharePoint Server, CVE-2019-0831, that could potentially allow an attacker to gain unauthorised access to certain content or to perform actions on the site using the victim's identity.
Wiseman added that the update also includes fixes for two spoofing vulnerabilities in the Outlook Web Access (OWA) component of Microsoft Exchange Server, and that software development shops should take note of the multiple XSS vulnerabilities and HTML injection flaws fixed in Team Foundation Server.
Chris Goettl, director of product management for security at Ivanti, said that updates from Microsoft, Adobe, Wireshark, Oracle (dropping on April 16) and Opera, coupled with a boatload of end-of-life notices, raise a number of security concerns that are very timely to discuss given the ransomware attack on Arizona Beverages that ground the company to a halt.
"Microsoft has released 15 updates resolving 74 unique CVEs this month," Goettl said. "These updates affect the Windows OS, Internet Explorer and Edge browsers, Office, SharePoint and Exchange."
Adobe's release of seven updates resolving 43 unique CVEs across Adobe Reader and Acrobat, AIR, Flash and Shockwave is the most concerning, Goettl said. Anyone running Shockwave should remove it from their environment, since the flaws leave the majority of Shockwave installs still in existence vulnerable and create an imminent threat.
In addition, users should beware of the 10 CVEs fixed by Wireshark, since it is an often-overlooked IT tool that can pose a significant risk. Users should ensure it is updated, or removed where it is no longer needed.
Immediate actions advised by Goettl include:
- Remove Shockwave from your environment. Its seven vulnerabilities are going to leave the majority of Shockwave installs exposed. "You can bet an exploit is imminent there."
- Wireshark released three updates resolving 10 CVEs. Wireshark is one of those overlooked IT tools that can pose a significant risk to your environment. Ensure it gets updated or removed where it is no longer needed.
He also lists Ivanti priorities this month:
- Patch the Windows OS and browsers
- Patch Adobe Reader, Acrobat, AIR and Flash
- Remove Shockwave from your environment unless you have a continued support contract with Adobe to receive updates
- Patch Wireshark
- Investigate the Office, SharePoint, and Exchange updates and get them rolled out in a reasonable timeframe
- Review end-of-life software in your environment and have an action plan in place to eliminate or mitigate risks. "I would suggest:
  - Remove it (best option)
  - Virtualise the workloads
  - Reduce access
  - Segregate from the rest of your environment
  - Limit or remove internet connectivity to those workloads"
An earlier version of this article was originally published on SC Media US.