Microsoft's April security fixes

Type: News
Published: 15/04/2019
The two vulnerabilities concerned:
- CVE-2019-0853 - a GDI+ Remote Code Execution Vulnerability. A number of Microsoft programs, notably the OS and Office suite, use the GDI+ component. Discovered by ZDI’s Hossein Lotfi, this vulnerability occurs when parsing EMF file records. A specially crafted EMF file record can trigger access of an uninitialized pointer, which allows an attacker to execute arbitrary code.
- CVE-2019-0688 - a Windows TCP/IP Information Disclosure Vulnerability. IP fragmentation has been a problem for years, and apparently remains an issue. This bug in the Windows TCP/IP stack could allow information disclosure from improperly handling fragmented IP packets. The vulnerability could expose data such as SAS token and resource IDs.

Of the 74 vulnerabilities, 13 are rated Critical and 61 Important. The affected Microsoft applications:
- Internet Explorer
- Edge
- Windows
- ChakraCore
- Microsoft Office
- Microsoft Office Services and Web Apps
- .NET Framework
- ASP.NET
- Exchange Server
- Visual Studio
- Skype for Business
- Azure DevOps Server
- Open Enclave SDK
- Team Foundation Server.

Two of the 74 vulnerabilities were published through ZDI, Trend Micro's bug bounty program.

Customers using Trend Micro Deep Security or Vulnerability Protection were already protected against the following vulnerabilities:
- 1009647-Microsoft Windows GDI Elevation Of Privilege Vulnerability (CVE-2019-0803)
- 1009649-Microsoft Windows Multiple Security Vulnerabilities (Apr-2019)
- 1009650-Microsoft XML Remote Code Execution Vulnerability (CVE-2019-0793)
- 1009651-Microsoft XML Remote Code Execution Vulnerability (CVE-2019-0794)
- 1009652-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0806)
- 1009653-Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2019-0822)
- 1009654-Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0862)
- 1009655-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752)
- 1009656-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0753)
- 1009657-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0861)
- 1009658-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0810)
- 1009659-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0812)
- 1009660-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0829)
- 1009661-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0860)
- 1009662-Adobe Flash Player Out-of-Bounds Read Vulnerability (CVE-2019-7108)
- 1009663-Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-17) – 1
- 1009666-Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-17) – 2

Customers using Trend Micro TippingPoint, meanwhile, were already protected earlier against the following vulnerabilities:
- 34889: HTTP: Delta Industrial Automation CNCSoft Buffer Overflow Vulnerability (ZDI-18-1071)
- 34899: HTTP: Adobe Flash Player MovieClip Use-After-Free Vulnerability (Upload)
- 34901: ZDI-CAN-7273: Zero Day Initiative Vulnerability (Belkin SuperTask)
- 34902: ZDI-CAN-7274: Zero Day Initiative Vulnerability (Belkin SuperTask)
- 34903: ZDI-CAN-7275: Zero Day Initiative Vulnerability (Belkin SuperTask)
- 34906: ZDI-CAN-8341: Zero Day Initiative Vulnerability (Adobe Reader DC)
- 34912: HTTP: Adobe Flash Player attachMovie Use-After-Free Vulnerability (Upload)
- 34914: HTTP: Adobe Flash Player attachMovie Use-After-Free Vulnerability
- 34917: ZDI-CAN-7787: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 34918: ZDI-CAN-7858: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 34919: ZDI-CAN-7939: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 34920: ZDI-CAN-8228: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 34921: ZDI-CAN-8265: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 34922: ZDI-CAN-8272: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 34929: HTTP: Microsoft Scripting Engine RegExp Memory Corruption Vulnerability
- 34930: HTTP: Microsoft Internet Explorer XSL Use-After-Free Vulnerability
- 34931: HTTP: Microsoft Internet Explorer VBScript Integer Overflow Vulnerability
- 34933: HTTP: Microsoft Office Protocol Handler Directory Traversal Vulnerability
- 34936: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
- 34937: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
- 34938: HTTP: Microsoft Windows Chakra Scripting Engine Memory Corruption Vulnerability
- 34939: HTTP: Microsoft Windows Win32k Use-After-Free Vulnerability
- 34941: HTTP: Microsoft Chakra Memory Corruption Vulnerability
- 34944: HTTP: Microsoft Windows NT KASLR Information Disclosure Vulnerability
- 34945: HTTP: Microsoft Windows Win32K Use-After-Free Vulnerability
- 34946: HTTP: Microsoft Chakra Memory Corruption Vulnerability
- 34947: HTTP: Microsoft Chakra Memory Corruption Vulnerability
- 34948: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- 34949: HTTP: Microsoft Windows Win32k Use-After-Free Vulnerability
- 34951: HTTP: Microsoft Windows GDI Use-After-Free Vulnerability
- 34953: ZDI-CAN-8293: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
- 34954: ZDI-CAN-8055: Zero Day Initiative Vulnerability (Microsoft Windows)
- 34955: ZDI-CAN-8036: Zero Day Initiative Vulnerability (Microsoft Windows)
- 34956: ZDI-CAN-8056: Zero Day Initiative Vulnerability (Microsoft Windows)
- 34957: ZDI-CAN-8058: Zero Day Initiative Vulnerability (Microsoft Windows)

 


The full article is available at the following link:
https://newsroom.trendmicro.com/blog/security-intelligence/aprils-patch-tuesday-fixes-two-vulnerabilities-being-exploited-wild

Contact

+36 1 371 2 370
trendmicro.ecs.hu@arrow.com
