Two Windows Privilege Escalation Vulnerabilities Exploited in Attacks



The flaw, reported to Microsoft by Resecurity® CEO Gene Yoo, affects Windows 10, 8.1, Server 2012, Server 2016, Server 2019, and Server versions 1803 and 1903. However, exploitation has only been observed against older versions of Windows.

“If you can’t deploy the patch immediately, you should be able to mitigate this vulnerability by disabling the print spooler,” Trend Micro’s Zero Day Initiative (ZDI) recommends.

The second zero-day vulnerability is CVE-2019-1132, a privilege escalation issue related to how the Win32k component handles objects in memory. It can allow an attacker to execute arbitrary code in kernel mode.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system,” Microsoft said... Please continue the article at the source


Keep up to date with the latest cybersecurity news and developments.

By subscribing, I understand and agree that my personal data will be collected and processed according to the Privacy and Cookies Policy

Cloud Architecture
Cloud Architecture
445 S. Figueroa Street
Los Angeles, CA 90071
Google Maps
Contact us by filling out the form.
Try Resecurity products today with a free trial