Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4493471
HistoryApr 09, 2019 - 7:00 a.m.

April 9, 2019—KB4493471 (Monthly Rollup)

2019-04-0907:00:00
Microsoft
support.microsoft.com
53

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.125 Low

EPSS

Percentile

95.4%

JSON

April 9, 2019—KB4493471 (Monthly Rollup)

Customers who have applied KB 4489887 or later Monthly Rollup Packages to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The “build number” component of the version string increases by 1, and the revision number decreases by approximately 4000 numbers. To find out more about this change please refer to the following article.

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB4489887 (released March 19, 2019) and addresses the following issues:

  • Addresses an issue that causes the error “0x3B_c0000005_win32k!vSetPointer” when the kernel mode driver, win32k.sys, accesses an invalid memory location.
  • Addresses an issue in which netdom.exe fails to run, and the error, “The command failed to complete successfully” appears.
  • Addresses an issue that may cause compound document (OLE) server applications to display embedded objects incorrectly if you use the PatBltAPI to place embedded objects into the Windows Metafile (WMF).
  • Security updates to Windows Storage and Filesystems, Windows Server, Microsoft Graphics Component, Windows Input and Composition, Windows Datacenter Networking, Windows Kernel, Windows MSXML, and the Microsoft JET Database Engine.
    For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
After installing this update, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails. This issue is resolved in KB4499149.
Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing this update. This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates.Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.
Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing this update. This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

How to get this update

Before installing this updateMicrosoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. If you are using Windows Update, the latest SSU (KB4493730) will be offered to you automatically. To get the standalone package for the latest SSU, go to the Microsoft Update Catalog.Install this updateThis update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4493471.

Related

mskb 24
nessus 12
kaspersky 2
openvas 13
prion 35
cve 35
attackerkb 4
myhack58 1
qualysblog 1
talosblog 1
thn 1
krebs 1
symantec 22
mscve 25
zdt 5
zdi 6
checkpoint_advisories 8
githubexploit 1
cisa_kev 1
canvas 1
mskb
mskb
April 9, 2019—KB4493448 (Security-only update)
2019-04-09 07:00:00
April 9, 2019—KB4493450 (Security-only update)
2019-04-09 07:00:00
April 9, 2019—KB4493458 (Security-only update)
2019-04-09 07:00:00
nessus
nessus
KB4493458: Windows Server 2008 April 2019 Security Update
2019-04-09 00:00:00
KB4493448: Windows 7 and Windows Server 2008 R2 April 2019 Security Update
2019-04-09 00:00:00
KB4493450: Windows Server 2012 April 2019 Security Update
2019-04-09 00:00:00
kaspersky
kaspersky
KLA11875 Multiple vulnerabilities in Microsoft Products (ESU)
2019-04-09 00:00:00
KLA11460 Multiple vulnerabilities in Microsoft Windows
2019-04-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4493451)
2019-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4493446)
2019-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4493472)
2019-04-10 00:00:00
prion
prion
Remote code execution
2019-04-09 21:29:00
Remote code execution
2019-04-09 21:29:00
Remote code execution
2019-04-09 21:29:00
cve
cve
CVE-2019-0877
2019-04-09 21:29:00
CVE-2019-0846
2019-04-09 21:29:00
CVE-2019-0847
2019-04-09 21:29:00
attackerkb
attackerkb
CVE-2019-0841
2019-10-30 00:00:00
CVE-2019-0803
2019-04-09 00:00:00
CVE-2019-0685
2019-04-09 00:00:00
myhack58
myhack58
2019 4 on Microsoft patch day multiple vulnerabilities early warning-vulnerability warning-the black bar safety net
2019-04-10 00:00:00
qualysblog
qualysblog
April 2019 Patch Tuesday – 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns
2019-04-09 18:50:54
talosblog
talosblog
Microsoft Patch Tuesday — April 2019: Vulnerability disclosures and Snort coverage
2019-04-09 11:10:02
thn
thn
Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack
2019-04-09 18:01:00
krebs
krebs
Patch Tuesday Lowdown, April 2019 Edition
2019-04-10 00:07:33
symantec
symantec
Microsoft Office Access Connectivity Engine CVE-2019-0671 Remote Code Execution Vulnerability
2019-02-12 00:00:00
Microsoft Office Access Connectivity Engine CVE-2019-0673 Remote Code Execution Vulnerability
2019-02-12 00:00:00
Microsoft Windows JET Database Engine CVE-2019-0879 Remote Code Execution Vulnerability
2019-04-09 00:00:00
mscve
mscve
Windows Elevation of Privilege Vulnerability
2019-04-09 07:00:00
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
2019-02-12 08:00:00
Jet Database Engine Remote Code Execution Vulnerability
2019-04-09 07:00:00
zdt
zdt
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit
2019-04-16 00:00:00
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Exploit
2019-04-16 00:00:00
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation Exploit
2019-04-16 00:00:00
zdi
zdi
Microsoft Access Database Engine ACEEXCL Use-After-Free Remote Code Execution Vulnerability
2019-02-12 00:00:00
Microsoft Windows EMF File Uninitialized Pointer Remote Code Execution Vulnerability
2019-04-15 00:00:00
Microsoft Access Database Engine ACEEXCL Out-Of-Bounds Read Remote Code Execution Vulnerability
2019-02-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows LUAFV Elevation of Privilege (CVE-2019-0730)
2019-04-09 00:00:00
Microsoft Windows LUAFV Elevation of Privilege (CVE-2019-0731)
2019-04-09 00:00:00
Microsoft Windows CSRSS Elevation of Privilege (CVE-2019-0735)
2019-04-09 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2019-06-07 04:37:34
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2021-11-03 00:00:00
canvas
canvas
Immunity Canvas: MENU_CONFUSION_LPE
2019-04-09 21:29:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.125 Low

EPSS

Percentile

95.4%

JSON
Related for KB4493471
mskb24nessus12kaspersky2openvas13prion35cve35attackerkb4myhack581qualysblog1talosblog1thn1krebs1symantec22mscve25zdt5zdi6checkpoint_advisories8githubexploit1cisa_kev1canvas1