Microsoft April 2019 Patch Tuesday: multiple vulnerabilities early warning (vulnerability warning, the black bar safety net)

Source: www.myhack58.com (MYHACK58:62201993579)
Author: 佚名 (anonymous)
Published: 2019-04-10 00:00:00
CVSS3: 8.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.176 Low (percentile 95.6%)

0x00 Event background
On April 10, 2019, 360CERT observed that Microsoft had released its April security update on April 9. The update covers code execution and privilege escalation vulnerabilities in Windows itself and in multiple Windows core components (Windows, win32k, RECEIVE, CSRSS, MSXML, VBScript).
360CERT assesses that the vulnerabilities addressed by this update affect a wide range of systems and recommends that all users install the update promptly through Windows Update and keep their systems up to date, so as not to fall victim to attacks and malware.

0x01 Vulnerability details
Descriptions of several of the more prominent vulnerabilities follow. For complete information, see the first reference link.
CVE-2019-0803, CVE-2019-0859 – Win32k elevation of privilege vulnerability
As in March, two similar vulnerabilities have been placed in the "may be under attack" category. Kaspersky Lab once again reported one of them; the other was reported by the Alibaba Cloud Intelligence Security Group. These vulnerabilities allow an attacker who already has access to the system to elevate privileges and take it over. How they are being exploited has not yet been disclosed, but malware carrying exploits for them may already exist.
CVE-2019-0856 – Windows remote command execution vulnerability
The title of this security update says remote code execution, but the description indicates that the attacker needs to log on to the system to exploit the vulnerability. Either way, since it affects all supported versions of Windows, the patch should be applied promptly.
CVE-2019-0853 – GDI+ remote command execution vulnerability
This patch fixes a vulnerability discovered by Hossein Lotfi, and with it a problem in Windows GDI+. The vulnerability occurs when EMF file records are parsed: a specially crafted EMF record can trigger an uninitialised pointer access, which allows an attacker to execute arbitrary code. It affects multiple Microsoft components and programs, in particular the operating system and the Office suite, which use GDI+ extensively.
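The following Python is an added illustration written for this page; it is not code from the advisory, from 360CERT or from Microsoft, and it does not reproduce CVE-2019-0853. It walks the record stream of an EMF file the way a parser of this format has to: every record starts with two little-endian DWORDs (record type, record size), and each size is checked against what remains of the buffer before it is trusted. The record type constants are taken from the EMF specification (assumed here, not from the advisory), and the sample bytes are constructed (a padded EMR_HEADER, an EMR_SAVEDC, an EMR_EOF), not a real metafile.

```python
import struct

# Record types from the EMF specification (assumed from the spec, not from the advisory)
EMR_HEADER = 1    # must be the first record of every metafile
EMR_SAVEDC = 33   # an 8-byte record with no body, convenient as a filler
EMR_EOF = 14      # must be the last record of every metafile


class EmfFormatError(ValueError):
    """Raised when the record stream cannot be trusted."""


def walk_emf_records(data: bytes) -> list:
    """Return [(offset, type, size), ...] for each record, validating every size first.

    Each record begins with iType and nSize (little-endian DWORDs). nSize covers the
    whole record, header included, must be at least 8 and a multiple of 4, and must
    fit in the bytes that remain. Trusting nSize without these checks is how a parser
    reads past its buffer or operates on memory it never initialised.
    """
    total = len(data)
    offset = 0
    records = []
    while offset < total:
        if total - offset < 8:
            raise EmfFormatError(f"truncated record header at offset {offset}")
        rec_type, rec_size = struct.unpack_from("<II", data, offset)
        if rec_size < 8 or rec_size % 4:
            raise EmfFormatError(f"invalid record size {rec_size} at offset {offset}")
        if rec_size > total - offset:
            raise EmfFormatError(
                f"record at offset {offset} claims {rec_size} bytes, only {total - offset} remain")
        if offset == 0 and rec_type != EMR_HEADER:
            raise EmfFormatError("stream does not start with EMR_HEADER")
        records.append((offset, rec_type, rec_size))
        if rec_type == EMR_EOF:
            return records
        offset += rec_size
    raise EmfFormatError("stream ends without an EMR_EOF record")


def build_sample_emf() -> bytes:
    """Constructed sample: EMR_HEADER padded to 88 bytes, EMR_SAVEDC, EMR_EOF. Not a real image."""
    header = struct.pack("<II", EMR_HEADER, 88) + b"\x00" * 80
    savedc = struct.pack("<II", EMR_SAVEDC, 8)
    # EMR_EOF body: nPalEntries=0, offPalEntries=16, nSizeLast=20
    eof = struct.pack("<IIIII", EMR_EOF, 20, 0, 16, 20)
    return header + savedc + eof


def check_emf(data: bytes) -> str:
    """Summarise whether a buffer passes the structural checks."""
    try:
        records = walk_emf_records(data)
    except EmfFormatError as exc:
        return f"rejected: {exc}"
    return f"ok: {len(records)} records"


if __name__ == "__main__":
    sample = build_sample_emf()
    print(check_emf(sample))                # ok: 3 records
    print(check_emf(sample[:-4]))           # rejected: EMR_EOF claims 20 bytes, only 16 remain
    oversized = sample[:4] + (0x10000).to_bytes(4, "little") + sample[8:]
    print(check_emf(oversized))             # rejected: header claims more bytes than the file holds
```

The walker never dereferences anything a record claims until the claim has been checked against the buffer, which is the discipline a GDI+-style record parser needs; a file that is truncated, that inflates a record size, or that omits the EOF record is rejected before any record body is interpreted.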
CVE-2019-0793 – MSXML remote command execution vulnerability
A remote code execution vulnerability exists in the way the Microsoft XML Core Services (MSXML) parser handles user input. An attacker who successfully exploits it can remotely run malicious code and take control of the user's system.
CVE-2019-0794 – Windows VBScript Engine remote command execution vulnerability
An attacker could host a specially crafted website designed to exploit this vulnerability through a browser, and gain control of the computer of any user who visits the site. The attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine, to trigger the vulnerability.
CVE-2019-0688 – Windows TCP/IP information disclosure vulnerability
This patch fixes an information disclosure vulnerability caused by Windows not properly handling fragmented IP packets. Data such as SAS tokens and resource identifiers may be leaked to the attacker. IP fragmentation attacks have existed for many years; Ping of Death and Teardrop are early examples. Even in modern TCP/IP stacks, such protocol attacks remain.
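As an added, defender-side example (not code from the advisory or from 360CERT, and not a reproduction of CVE-2019-0688), the Python below parses IPv4 headers, groups fragments by (source, destination, IP ID, protocol) and flags flows whose fragments overlap, which is the Teardrop pattern mentioned above and something a legitimate sender never produces. The packets are constructed in the block and labelled as such; the header layout and flag bits follow RFC 791.

```python
import struct
from collections import defaultdict

IP_MF = 0x2000           # "more fragments" flag in the flags/fragment-offset field
IP_OFFSET_MASK = 0x1FFF  # fragment offset, in units of 8 bytes


def parse_ipv4_header(pkt: bytes) -> dict:
    """Extract the IPv4 header fields that matter for reassembly."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & IP_OFFSET_MASK) * 8
    more = bool(flags_frag & IP_MF)
    return {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "id": ident,
        "proto": proto,
        "offset": offset,
        "more_fragments": more,
        "payload_len": total_len - ihl,
        "is_fragment": more or offset > 0,
    }


def analyze_fragments(packets) -> list:
    """Group fragments per datagram and flag overlapping byte ranges.

    Fragments of one datagram share (src, dst, id, proto). After sorting their
    byte spans, any span that starts before the previous one ends is an overlap,
    which a reassembler has to resolve and which legitimate senders never produce.
    A flow with a single fragment is reported but not flagged.
    """
    flows = defaultdict(list)
    for pkt in packets:
        hdr = parse_ipv4_header(pkt)
        if hdr["is_fragment"]:
            key = (hdr["src"], hdr["dst"], hdr["id"], hdr["proto"])
            flows[key].append((hdr["offset"], hdr["offset"] + hdr["payload_len"]))
    findings = []
    for key, spans in flows.items():
        spans.sort()
        overlap = any(spans[i][1] > spans[i + 1][0] for i in range(len(spans) - 1))
        findings.append({"flow": key, "fragments": len(spans), "overlap": overlap})
    return findings


def make_ipv4(src, dst, ident, offset, more, payload_len, proto=17) -> bytes:
    """Build a constructed test packet: IPv4 header (checksum left as 0) plus zero payload."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8")
    flags_frag = (IP_MF if more else 0) | (offset // 8)
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                      64, proto, 0, src_b, dst_b)
    return hdr + b"\x00" * payload_len


# Constructed sample traffic, not captured data
SAMPLE_PACKETS = [
    make_ipv4("10.0.0.5", "10.0.0.9", 1, 0, False, 40),    # ordinary unfragmented datagram
    make_ipv4("10.0.0.5", "10.0.0.9", 2, 0, True, 24),     # clean 2-fragment datagram: bytes 0-23
    make_ipv4("10.0.0.5", "10.0.0.9", 2, 24, False, 16),   #   ... then bytes 24-39
    make_ipv4("192.0.2.7", "10.0.0.9", 3, 0, True, 32),    # Teardrop-style: bytes 0-31
    make_ipv4("192.0.2.7", "10.0.0.9", 3, 16, False, 24),  #   ... then bytes 16-39, overlapping
]


if __name__ == "__main__":
    for finding in analyze_fragments(SAMPLE_PACKETS):
        flag = "OVERLAP" if finding["overlap"] else "ok"
        print(f"{finding['flow']}: {finding['fragments']} fragments, {flag}")
```

On the sample traffic the clean two-fragment datagram (IP ID 2) is reported without a flag and the overlapping one (IP ID 3) is flagged. In a real deployment the same grouping run over a capture gives a cheap indicator that someone is probing a host's reassembly behaviour, which is worth alerting on even after the patch is applied.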
CVE-2019-0786 – Windows SMB privilege escalation vulnerability
An elevation of privilege vulnerability exists in the Microsoft SMB server when an attacker with valid credentials attempts to open a specially crafted file over SMB on a computer. An attacker who successfully exploits it could bypass certain security checks in the operating system and gain higher-level control of the computer.

0x02 Repair recommendations
Given that several of the vulnerabilities fixed this month have serious impact and some technical details have been disclosed, 360CERT recommends that all users patch as soon as possible, so as not to fall victim to attacks and malware.
360CERT recommendations:
- Install 360 Safe Guard and use its one-click update.
- Promptly install the Microsoft Windows updates and keep Windows Automatic Updates turned on.
One-click update scheme

0x03 Timeline
2019-04-09 Microsoft released the April security update
2019-04-10 360CERT issued this warning
