This week, Microsoft released another monthly patchset.
In total, the technology giant fixed 77 vulnerabilities, two of which are particularly dangerous because cybercriminals are actively using them in real attacks. These security issues have been assigned the identifiers CVE-2019-0880 and CVE-2019-1132. Both flaws allow elevation of privilege on the attacked system.
In other words, the attackers first gain access to the victim's computer and then use these flaws to elevate their privileges.
The more serious of the two vulnerabilities, CVE-2019-1132, is in the Win32k component. Experts at the antivirus company ESET discovered it while studying attacks by hackers connected with the Russian government.
“The zero-day was discovered by ESET as part of the attack chain of a group of Russian state-funded hackers. The company said it plans to publish an in-depth blog post about these attacks and the zero-day soon,” ZDNet journalists reported.
The second vulnerability (CVE-2019-0880) is of the same kind but affects a different system component, splwow64.exe. Researchers have found this problem.
The vulnerability affects Windows 10, 8.1, Server 2012, Server 2016, Server 2019, as well as Server versions 1803 and 1903, but in real attacks it was exploited only on older versions of Windows. Details about the malicious campaigns that used this vulnerability are not yet known.
Experts strongly recommend that all users install the released Tuesday updates.