Microsoft fixed vulnerability that was actively used by Russian hackers

microsoft patch
Written by Brendan Smith

This week, Microsoft released another monthly patchset.

In total, the technological giant has eliminated 77 vulnerabilities, two of which pose a particular danger, since cybercriminals are actively used them in real attacks.

These security issues have been assigned the identifiers CVE-2019-0880 and CVE-2019-1132. Both of these gaps lead to an increase in privileges in the attacked system.

In other words, the attackers first penetrate the victim’s computer, and then use the aforementioned holes to enhance rights.

More serious of the two vulnerabilities – CVE-2019-1132 – is contained in the Win32k component. Experts of the antivirus company ESET discovered it when they studied the attacks of hackers connected with the Russian government.

“The zero-day was discovered by ESET as part of the attack chain of a group of Russian state-funded hackers. The company told it plans to publish an in-depth blog post about these attacks and the zero-day soon”, – reported ZDNet journalists.

The second vulnerability (CVE-2019-0880) has the same essence, but affects another component of the system – splwow64.exe. Researchers have found this problem.

Vulnerability affects Windows 10, 8.1, Server 2012, Server 2016, Server 2019, as well as Server 1803 and 1903 versions, but in real attacks it was exploited only in older versions of Windows. Details about the malicious campaigns that used this vulnerability are not yet known.

Experts are strongly recommended to all users to install released tuesday updates.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

Leave a Reply

Sending