Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4493450
HistoryApr 09, 2019 - 7:00 a.m.

April 9, 2019—KB4493450 (Security-only update)

2019-04-0907:00:00
Microsoft
support.microsoft.com
16

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.125 Low

EPSS

Percentile

95.4%

JSON

April 9, 2019—KB4493450 (Security-only update)

Improvements and fixes

This security update includes quality improvements. Key changes include:

  • Addresses an issue that may cause applications that use MSXML6 to stop responding if an exception was thrown during node operations.
  • Addresses an issue that causes the Group Policy editor to stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 Internet settings.
  • Addresses an issue that may cause authentication issues for Internet Explorer 10 and other applications that use WININET.DLL. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons.
  • Addresses an issue that may cause compound document (OLE) server applications to display embedded objects incorrectly if you use the PatBltAPI to place embedded objects into the Windows Metafile (WMF).
  • Security updates to Windows Storage and Filesystems, Windows Server, Microsoft Graphics Component, Windows Input and Composition, Windows Datacenter Networking, Windows Kernel, Windows MSXML, and the Microsoft JET Database Engine.
    For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. This issue is resolved KB4503263.
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing this update. This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates.Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing this update. This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following:
  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
    Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get this update

This update is now available for installation through WSUS. To get the standalone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4493450.

Related

mskb 24
nessus 12
kaspersky 2
openvas 13
myhack58 1
prion 35
cve 34
attackerkb 4
qualysblog 1
talosblog 1
thn 1
krebs 1
symantec 24
mscve 25
zdi 6
zdt 5
checkpoint_advisories 7
githubexploit 1
cisa_kev 1
canvas 1
mskb
mskb
April 9, 2019—KB4493448 (Security-only update)
2019-04-09 07:00:00
April 9, 2019—KB4493458 (Security-only update)
2019-04-09 07:00:00
April 9, 2019—KB4493471 (Monthly Rollup)
2019-04-09 07:00:00
nessus
nessus
KB4493458: Windows Server 2008 April 2019 Security Update
2019-04-09 00:00:00
KB4493450: Windows Server 2012 April 2019 Security Update
2019-04-09 00:00:00
KB4493448: Windows 7 and Windows Server 2008 R2 April 2019 Security Update
2019-04-09 00:00:00
kaspersky
kaspersky
KLA11875 Multiple vulnerabilities in Microsoft Products (ESU)
2019-04-09 00:00:00
KLA11460 Multiple vulnerabilities in Microsoft Windows
2019-04-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4493451)
2019-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4493446)
2019-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4493472)
2019-04-10 00:00:00
myhack58
myhack58
2019 4 on Microsoft patch day multiple vulnerabilities early warning-vulnerability warning-the black bar safety net
2019-04-10 00:00:00
prion
prion
Remote code execution
2019-04-09 21:29:00
Remote code execution
2019-04-09 21:29:00
Remote code execution
2019-04-09 21:29:00
cve
cve
CVE-2019-0877
2019-04-09 21:29:00
CVE-2019-0846
2019-04-09 21:29:00
CVE-2019-0847
2019-04-09 21:29:00
attackerkb
attackerkb
CVE-2019-0841
2019-10-30 00:00:00
CVE-2019-0803
2019-04-09 00:00:00
CVE-2019-0685
2019-04-09 00:00:00
qualysblog
qualysblog
April 2019 Patch Tuesday – 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns
2019-04-09 18:50:54
talosblog
talosblog
Microsoft Patch Tuesday — April 2019: Vulnerability disclosures and Snort coverage
2019-04-09 11:10:02
thn
thn
Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack
2019-04-09 18:01:00
krebs
krebs
Patch Tuesday Lowdown, April 2019 Edition
2019-04-10 00:07:33
symantec
symantec
Microsoft Office Access Connectivity Engine CVE-2019-0671 Remote Code Execution Vulnerability
2019-02-12 00:00:00
Microsoft Office Access Connectivity Engine CVE-2019-0673 Remote Code Execution Vulnerability
2019-02-12 00:00:00
Microsoft Windows JET Database Engine CVE-2019-0877 Remote Code Execution Vulnerability
2019-04-09 00:00:00
mscve
mscve
Windows Elevation of Privilege Vulnerability
2019-04-09 07:00:00
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
2019-02-12 08:00:00
Jet Database Engine Remote Code Execution Vulnerability
2019-04-09 07:00:00
zdi
zdi
Microsoft Access Database Engine ACEEXCL Use-After-Free Remote Code Execution Vulnerability
2019-02-12 00:00:00
Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability
2019-04-15 00:00:00
Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Read Remote Code Execution Vulnerability
2019-02-12 00:00:00
zdt
zdt
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit
2019-04-16 00:00:00
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Exploit
2019-04-16 00:00:00
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation Exploit
2019-04-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows LUAFV Elevation of Privilege (CVE-2019-0730)
2019-04-09 00:00:00
Microsoft Windows LUAFV Elevation of Privilege (CVE-2019-0731)
2019-04-09 00:00:00
Microsoft Windows CSRSS Elevation of Privilege (CVE-2019-0735)
2019-04-09 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2019-06-07 04:37:34
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2021-11-03 00:00:00
canvas
canvas
Immunity Canvas: MENU_CONFUSION_LPE
2019-04-09 21:29:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.125 Low

EPSS

Percentile

95.4%

JSON
Related for KB4493450
mskb24nessus12kaspersky2openvas13myhack581prion35cve34attackerkb4qualysblog1talosblog1thn1krebs1symantec24mscve25zdi6zdt5checkpoint_advisories7githubexploit1cisa_kev1canvas1