Windows 10

Patch Tuesday April 2019

This month Windows is patched for two zero-day flaws, Windows 7 and Windows Server 2008 R2 users report that devices with Sophos Antivirus can’t log in after installing KB4493472 and authentication failures to services configured with unconstrained delegation.

Windows 10, Windows Server 2016, and Windows Server 2019

This month there are 36 fixes for flaws in Windows 10 version 1809. CVE-2019-0803 and CVE-2019-0859 are zero-days reported by Alibaba Cloud Intelligence Security Team and Kaspersky Lab respectively. Both are an elevation of privilege (EOP) flaws where the Win32k component improperly handles objects in memory, potentially allowing an attacker to run arbitrary code in kernel mode. An attacker would need to log in to Windows to be able to exploit this flaw. There are no further details about the vulnerabilities other than that they have both been actively exploited.

8 remote code execution (RCE) bugs rated critical have been patched. One in the Windows IOleCvt interface could let an attacker run malicious code from an ASP webpage, or Microsoft Office document with embedded ActiveX Control, and take control of a system. A flaw in the Windows Graphics Device Interface (GDI) could also let an attacker take control of a system. Similar vulnerabilities affect Hyper-V vSMB and Microsoft XML Core Services.

Sponsored Content

Devolutions Remote Desktop Manager

Devolutions RDM centralizes all remote connections on a single platform that is securely shared between users and across the entire team. With support for hundreds of integrated technologies — including multiple protocols and VPNs — along with built-in enterprise-grade password management tools, global and granular-level access controls, and robust mobile apps to complement desktop clients.

Windows 7 and Windows Server 2008 R2

Windows 7 gets patches for 6 critical bugs affecting the IOleCvt interface, the Windows Graphics Device Interface (GDI), and Microsoft XML Core Services. It also gets patches for the CVE-2019-0803 and CVE-2019-0859 zero-days which affect Windows 10.

After installing this month’s monthly rollup for Windows 7 SP1 (KB4493472), some users are reporting that after rebooting, they are unable to log in to their systems. At present, this seems to affect users that have Sophos Endpoint Antivirus software installed. Microsoft has announced that it is now blocking KB4493472 for devices running Sophos Endpoint until a solution has been found.

Another issue being reported is that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires. You might see this manifest itself in the SQL Server service failing. Microsoft has published a few workarounds which involve changing to constrained delegation, restarting the affected application, or purging Kerberos tickets on the application server. For more information on both issues affecting KB4493472, see Microsoft’s website here.

Microsoft Office

7 vulnerabilities are patched in Office 365 ProPlus, all rated important. 6 are RCEs and the remaining bug EOP. CVE-2019-0822 is a Microsoft Graphics Components flaw that could allow an attacker to run arbitrary code by tricking users into opening a specially crafted file. Both SharePoint and Exchange get patches for 2 spoofing vulnerabilities.


This month Adobe released patches for Flash Player, Adobe Reader, and Acrobat. Flash updates are automatically downloaded by Windows Update for Internet Explorer and Edge. Google Chrome users will also receive the updates automatically.

Adobe also announced end-of-life for Shockwave Player. Remember that? What this announcement means is that there will be no more security updates for Shockwave. If you have Shockwave installed on your systems, you should look at removing it as quickly as possible.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
The World’s Most Comprehensive Teams to Teams Migration Checklist

Whether you have just started thinking about migration or have already begun to move, our Microsoft Teams Migration Checklist can help guide you through the different phases for a Teams migration to another tenant.

This detailed six-step guide will walk you through key decision points while also providing more prescriptive best practice recommendations where appropriate.

Discover key insights for the following phases of a Teams migration: 

  • Discovery
  • Pilot
  • Planning
  • Communication
  • Execution
  • Validation

Sponsored by: