Microsoft today released its April 2019 software updates to address a total of 74 vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and the rest are rated important in severity. This month’s Patch Tuesday from Microsoft also addressed two vulnerabilities that are actively being exploited.
Patch Tuesday updates for Microsoft products
This month’s Patch Tuesday covers updates for the following list of products and software:
-
Adobe Flash Player
-
Internet Explorer
-
Microsoft Edge
-
Microsoft Windows
-
Microsoft Office and Microsoft Office SharePoint
-
ChakraCore
-
ASP.NET
-
Microsoft Exchange Server
-
Team Foundation Server
-
Azure DevOps Server
-
Open Enclave SDK
-
Windows Admin Center
Publicly exploited vulnerabilities
Both the exploited vulnerabilities—CVE-2019-0803 and CVE-2019-0859—reside in the win32k component of the Windows operating system and are rated important. Successful exploitation of these bugs can cause ‘Elevation of Privilege’ in target computers.
Critical vulnerabilities
This month’s security updates come with 13 critical fixes. Most of these updates address vulnerabilities in scripting engines like Chakra Scripting Engine, VBScript Engine, and DHCP Client as well as in browsers like Internet Explorer and Edge. Failing to patch these vulnerabilities could lead to arbitrary code execution.
Third-party patches: Adobe updates
Adobe has addressed nearly 40 vulnerabilities in its suite of products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. Of these vulnerabilities, 25 are rated critical and the rest are important. All the release information about these flaws is listed under Bulletin ID APSB19-19. Successful exploitation could lead to arbitrary code execution.
Non-security updates
This Patch Tuesday, Microsoft also released non-security updates for Office 2010, Office 2013, and Office 2016.
Patch Tuesday best practice: Test before deployment
Microsoft releases timely hotfixes, rollups, service packs, and other updates to ensure users are secure. But the updates themselves can cause stability issues and may even affect your systems’ health. You could avoid such issues by testing the patches prior to deployment.
ManageEngine offers two patching solutions: Desktop Central and Patch Manager Plus. Both offer a “Test and Approve” feature that provides an option to test patches before deploying them to the environment. Try either of these solutions free for 30 days and start patching with best practices now. If you’d like to take a look at in-depth analysis of these patches and see how missing just one of them can impact your organization, join us for our free Patch Tuesday webinar!
