silversurfer
Microsoft published its monthly roll-up of security updates known as Patch Tuesday. This month, the Redmond-based company patched 77 vulnerabilities, including two zero-days -- security flaws that were being actively exploited in the wild.
The most important of the two zero-days patched today is CVE-2019-1132, a privilege escalation in the Win32k component. The zero-day was discovered by ESET as part of the attack chain of a group of Russian state-funded hackers. The company told ZDNet it plans to publish an in-depth blog post about these attacks and the zero-day tomorrow, July 10.
The second zero-day is CVE-2019-0880. This one is also a privilege escalation, but in splwow64.exe, another Windows core process. This vulnerability was discovered by Resecurity, and no other details about in-the-wild exploitation are currently available.
Besides these two highly critical flaws, Microsoft also patched six other vulnerabilities whose exploitation details became public and could have helped attackers; however, they were not exploited until today, when Microsoft shipped patches. These include:
- CVE-2018-15664 (Docker flaw in Azure)
- CVE-2019-0865 (SymCrypt DoS)
- CVE-2019-0887 (RDP RCE, see here)
- CVE-2019-0962 (Azure Automation elevation of privilege)
- CVE-2019-1068 (Microsoft SQL Server RCE)
- CVE-2019-1129 (ZDNet coverage here)