Monday, January 25, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

April 9, 2019
in Internet Privacy
Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Credit: The Hacker News

Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity.

You might also like

Tracking Pen Testing Trends and Challenges

Beware — A New Wormable Android Malware Spreading Through WhatsApp

Beware! Fully-Functional Released Online for SAP Solution Manager Flaw

April 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, MS Office, and MS Office Services and Web Apps, ChakraCore, Exchange Server, .NET Framework and ASP.NET, Skype for Business, Azure DevOps Server, Open Enclave SDK, Team Foundation Server, and Visual Studio.

None of the vulnerabilities addressed this month by the tech giant were disclosed publicly at the time of release, leaving the two recently disclosed zero-day flaws in Internet Explorer and Edge browsers still open for hackers.

However, two new privilege escalation vulnerabilities, which affect all supported versions of the Windows operating system, have been reported as being actively exploited in the wild.

Both rated as important, the flaws (CVE-2019-0803 and CVE-2019-0859) reside in the Win32k component of Windows operating system that could be exploited by attackers to run arbitrary code in kernel mode on a targeted computer.

Just last month Microsoft patched two similar vulnerabilities in the Win32k component that were also being exploited in targeted attacks by several threat actors including, FruityArmor and SandCat.

Besides this, Microsoft also released updates to patch 13 critical vulnerabilities, and as expected, all of the critical-rated vulnerabilities lead to remote code execution attacks, except one elevation of privileges in Windows Server Message Block (SMB) Server.

All critical vulnerabilities primarily impact various versions of Windows 10 operating system and Server editions and reside in ChakraCore Scripting Engine, Microsoft XML Core Services, SMB Server, Windows IOleCvt Interface, and Windows Graphics Device Interface (GDI).

Many important-rated vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, information disclosure, cross-site scripting (XSS), spoofing and denial of service attacks.

Users and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.

For addressing problematic update issues on Windows 10 devices, Microsoft last month also introduced a safety measure that automatically uninstalls buggy software updates installed on your system if your OS detects a startup failure.

Adobe also rolled out security updates today to fix 40 security vulnerabilities in several of its products. Users of the affected Adobe software for Windows, macOS, Linux, and Chrome OS are advised to update their software packages to the latest versions.


Credit: The Hacker News By: noreply@blogger.com (Mohit Kumar)

Previous Post

Microsoft CEO Nadella Meets Weekly With Top Execs to Review AI Projects

Next Post

Microsoft's April Patch Tuesday comes with fixes for two Windows zero-days

Related Posts

Tracking Pen Testing Trends and Challenges
Internet Privacy

Tracking Pen Testing Trends and Challenges

January 25, 2021
Beware — A New Wormable Android Malware Spreading Through WhatsApp
Internet Privacy

Beware — A New Wormable Android Malware Spreading Through WhatsApp

January 25, 2021
Beware! Fully-Functional Released Online for SAP Solution Manager Flaw
Internet Privacy

Beware! Fully-Functional Released Online for SAP Solution Manager Flaw

January 24, 2021
Experts Detail A Recent Remotely Exploitable Windows Vulnerability
Internet Privacy

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

January 23, 2021
SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product
Internet Privacy

SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

January 23, 2021
Next Post
Microsoft’s April Patch Tuesday comes with fixes for two Windows zero-days

Microsoft's April Patch Tuesday comes with fixes for two Windows zero-days

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

How to Change the WordPress Admin Login Logo
Learn to Code

JavaScript Wake Lock API

January 25, 2021
DreamBus botnet targets enterprise apps running on Linux servers
Internet Security

DreamBus botnet targets enterprise apps running on Linux servers

January 25, 2021
Tracking Pen Testing Trends and Challenges
Internet Privacy

Tracking Pen Testing Trends and Challenges

January 25, 2021
All You Should Know About Data Security in 2020/2021
Data Science

All You Should Know About Data Security in 2020/2021

January 25, 2021
AWS Machine Learning Specialty Online Course
Machine Learning

AWS Machine Learning Specialty Online Course

January 25, 2021
Beware — A New Wormable Android Malware Spreading Through WhatsApp
Internet Privacy

Beware — A New Wormable Android Malware Spreading Through WhatsApp

January 25, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • JavaScript Wake Lock API January 25, 2021
  • DreamBus botnet targets enterprise apps running on Linux servers January 25, 2021
  • Tracking Pen Testing Trends and Challenges January 25, 2021
  • All You Should Know About Data Security in 2020/2021 January 25, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates