...
The flaw, reported to Microsoft by Resecurity® CEO Gene Yoo, affects Windows 10, 8.1, Server 2012, Server 2016, Server 2019, and Server versions 1803 and 1903. However, exploitation has only been observed against older versions of Windows.
“If you can’t deploy the patch immediately, you should be able to mitigate this vulnerability by disabling the print spooler,” Trend Micro’s Zero Day Initiative (ZDI) recommends.
The second zero-day vulnerability is CVE-2019-1132, a privilege escalation issue related to how the Win32k component handles objects in memory. It can allow an attacker to execute arbitrary code in kernel mode.
“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system,” Microsoft said... Please continue the article at the source
