Microsoft published its monthly roll-up of security updates known as Patch Tuesday. This month, the Redmond-based company patched 77 vulnerabilities, including two zero-days -- security flaws that were being actively exploited in the wild.
The most important of the two zero-days patched today is CVE-2019-1132, a privilege escalation in the Win32k component. The zero-day was discovered by ESET as part of the attack chain of a group of Russian state-funded hackers. The company told ZDNet it plans to publish an in-depth blog post about these attacks and the zero-day tomorrow, July 10.
The second zero-day is CVE-2019-0880. This one is also a privilege escalation, but in splwow64.exe, another Windows core process. This vulnerability was discovered by Resecurity, and no other details about in-the-wild exploitation are currently available
Besides these two highly critical flaws, Microsoft also patched six other vulnerabilities whose exploitation details became public and could have helped attackers; however, they were not exploited until today, when Microsoft shipped patches. These include: