April's Patch Tuesday Fixes Two Vulnerabilities Being Exploited in the Wild | Cell Phone Spy and Mobile Tracking Software
Microsoft's April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework and ASP.NET, Exchange Server, Visual Studio, Skype for Business, Azure DevOps Server, Open Enclave SDK, and Team Foundation Server. Two of the vulnerabilities were disclosed via the Zero Day Initiative (ZDI). CVE-2019-0803 and CVE-2019-0859 are two Win32k Elevation of Privilege vulnerabilities actively being exploited, very similar to Win32k vulnerabilities addressed in March. If successfully exploited, these vulnerabilities could provide attackers with elevated privileges without authorization, allowing them to install programs, manipulate data,