Microsoft Security Bulletin Coverage for April 2019

April 9, 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of April 2019. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2019-0685 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0688 Windows TCP/IP Information Disclosure Vulnerability
ASPY 5456:Malformed-File exe.MP.66
CVE-2019-0730 Windows Elevation of Privilege Vulnerability
ASPY 5457:Malformed-File exe.MP.67
CVE-2019-0731 Windows Elevation of Privilege Vulnerability
ASPY 5458:Malformed-File exe.MP.68
CVE-2019-0732 Windows Security Feature Bypass Vulnerability
ASPY 5459:Malformed-File exe.MP.69
CVE-2019-0735 Windows CSRSS Elevation of Privilege Vulnerability
ASPY 5460:Malformed-File exe.MP.70
CVE-2019-0739 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0752 Scripting Engine Memory Corruption Vulnerability
IPS 14132:Scripting Engine Memory Corruption Vulnerability (APR 19) 1
CVE-2019-0753 Scripting Engine Memory Corruption Vulnerability
IPS 14133:Scripting Engine Memory Corruption Vulnerability (APR 19) 2
CVE-2019-0764 Microsoft Browsers Tampering Vulnerability
There are no known exploits in the wild.
CVE-2019-0786 SMB Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0790 MS XML Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0791 MS XML Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0792 MS XML Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0793 MS XML Remote Code Execution Vulnerability
IPS 14134:MS XML Remote Code Execution Vulnerability (APR 19)
CVE-2019-0794 OLE Automation Remote Code Execution Vulnerability
ASPY 5462:Malformed-File vbs.MP.1
CVE-2019-0795 MS XML Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0796 Windows Elevation of Privilege Vulnerability
ASPY 5461:Malformed-File exe.MP.71
CVE-2019-0801 Office Remote Code Execution Vulnerability
IPS 14124:Microsoft Office Remote Code Execution (APR 19) 1
CVE-2019-0802 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0803 Win32k Elevation of Privilege Vulnerability
ASPY 5453:Malformed-File dll.MP.4
CVE-2019-0805 Windows Elevation of Privilege Vulnerability
ASPY 5454:Malformed-File exe.MP.65
CVE-2019-0806 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14136:Chakra Scripting Engine Memory Corruption Vulnerability (APR 19) 3
CVE-2019-0810 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14137:Chakra Scripting Engine Memory Corruption Vulnerability (APR 19) 4
CVE-2019-0812 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0813 Windows Admin Center Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0814 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0815 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0817 Microsoft Exchange Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0822 Microsoft Graphics Components Remote Code Execution Vulnerability
ASPY 5455:Malformed-File ppt.MP.9
CVE-2019-0823 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0824 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0825 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0826 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0827 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0828 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0829 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0830 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0831 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0833 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0835 Microsoft Scripting Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0836 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0837 DirectX Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0838 Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0839 Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0840 Windows Kernel Information Disclosure Vulnerability
ASPY 5451:Malformed-File exe.MP.63
CVE-2019-0841 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0842 Windows VBScript Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0844 Windows Kernel Information Disclosure Vulnerability
ASPY 5451:Malformed-File exe.MP.63
CVE-2019-0845 Windows IOleCvt Interface Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0846 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0847 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0848 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0849 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0851 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0853 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0856 Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0857 Team Foundation Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0858 Microsoft Exchange Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0859 Win32k Elevation of Privilege Vulnerability
ASPY 5452:Malformed-File exe.MP.64
CVE-2019-0860 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14128:Chakra Scripting Engine Memory Corruption Vulnerability (APR 19) 1
CVE-2019-0861 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14129:Chakra Scripting Engine Memory Corruption Vulnerability (APR 19) 2
CVE-2019-0862 Windows VBScript Engine Remote Code Execution Vulnerability
IPS 14130:VBScript Engine Remote Code Execution Vulnerability (APR 19) 1
CVE-2019-0866 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0867 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0868 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0869 Team Foundation Server HTML Injection Vulnerability
There are no known exploits in the wild.
CVE-2019-0870 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0871 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0874 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0875 Azure DevOps Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0876 Open Enclave SDK Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0877 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0879 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.