Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft April 2019 Patch Tuesday fixes Windows 0days under attack

Microsoft Patches Windows Privilege Escalation Flaws Exploited in Attacks Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws. Microsoft has released the April 2019 Patch Tuesday updates that address 74 vulnerabilities, including two Windows zero-days under active attack. April 2019 Patch Tuesday security updates resolve […]

Microsoft Microsoft Patch Tuesday

Microsoft Patches Windows Privilege Escalation Flaws Exploited in Attacks

Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws.

Microsoft has released the April 2019 Patch Tuesday updates that address 74 vulnerabilities, including two Windows zero-days under active attack.

April 2019 Patch Tuesday security updates resolve over a dozen critical remote code execution and privilege escalation vulnerabilities affecting Windows and Microsoft browsers.

The vulnerabilities exploited in the wild tracked as CVE-2019-0803 and CVE-2019-0859 could allow an attacker to escalate privileges on the target system.

April 2019 Patch Tuesday

Both vulnerabilities tied the way the Win32k component in Windows handles objects in memory, an authenticated attacker could exploit them authenticated to execute arbitrary code in kernel mode.

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” reads the security advisor for the CVE-2019-0803 that is equal to the one for the CVE-2019-0859 flaw.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.”

The flaws were respectively discovered by researchers at Kaspersky Lab and Donghai Zhu of the Alibaba Cloud Intelligence Security Team.

Microsoft did not reveal details about the vulnerabilities and the way threat actors have exploited them.

Adobe also released its Patch Tuesday updates for April 2019 that address a total of 43 vulnerabilities affecting the eight products of the company.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Microsoft Patch Tuesday, zero-days)

[adrotate banner=”5″]

[adrotate banner=”13″]