Microsoft July 2019 Patch Tuesday fixes zero-day exploited by Russian hackers

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Microsoft published its monthly roll-up of security updates known as Patch Tuesday. This month, the Redmond-based company patched 77 vulnerabilities, including two zero-days -- security flaws that were being actively exploited in the wild.
The most important of the two zero-days patched today is CVE-2019-1132, a privilege escalation in the Win32k component. The zero-day was discovered by ESET as part of the attack chain of a group of Russian state-funded hackers. The company told ZDNet it plans to publish an in-depth blog post about these attacks and the zero-day tomorrow, July 10.

The second zero-day is CVE-2019-0880. This one is also a privilege escalation, but in splwow64.exe, another Windows core process. This vulnerability was discovered by Resecurity, and no other details about in-the-wild exploitation are currently available

Besides these two highly critical flaws, Microsoft also patched six other vulnerabilities whose exploitation details became public and could have helped attackers; however, they were not exploited until today, when Microsoft shipped patches. These include:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top