Microsoft has patched upwards of 70 flaws in April 2019, as well as two Windows zero-day vulnerabilities that let an attacker escalate privileges on a bargained system.
Tracked as CVE-2019-0803 and CVE-2019-0859, the actively exploited vulnerabilities look identical. They are both caused because of the way the Win32k component in Windows deals with objects in memory, both allowing a genuine assailant to perform arbitrary code in kernel mode.
Although all supported versions of Windows are affected, Microsoft fully knows misuse attempts against older versions of the operating system. It’s not rare for attacks to be counteracted by moderations included in Windows 10.
Researchers at Kaspersky Lab has been credited by Microsoft for reporting one of the faults and Donghai Zhu of the Alibaba Cloud Intelligence Security Team for the second zero-day.
On the other hand, Adobe’s Patch Tuesday updates for April 2019 highlight 43 susceptibilities impacting the company’s Acrobat and Reader, Flash Player, Shockwave Player, Dreamweaver, XD, InDesign, Experience Manager Forms, and Bridge CC products.
In the Windows and macOS versions of Acrobat and Reader software, Adobe fixed 21 security holes, including critical memory corruption bugs that can be exploited for arbitrary code execution.
In total, 7 flaws have been fixed by the tech behemoth in Shockwave Player for Windows. Termed as critical memory corruptions that can result in random code execution, these vulnerabilities were reported to Adobe by Honggang Ren of Fortinet’s FortiGuard Labs.
In its Bridge CC digital asset management app, Adobe fixed eight security bugs. Two of the faults allow random code execution and have been termed “critical,” while the others can lead to information disclosure and they have been rated “important.” Francis Provencher and Matt Powell reported these flaws to the company through Trend Micro’s Zero Day Initiative (ZDI).
Adobe says there is no indication that any of these faults have been exploited for malevolent purposes.