Microsoft has released the April 2019 Patch Tuesday updates that address 74 vulnerabilities, including two Windows zero-days under active attack.
April 2019 Patch Tuesday security updates resolve over a dozen critical remote code execution and privilege escalation vulnerabilities affecting Windows and Microsoft browsers.
Both vulnerabilities tied the way the Win32k component in Windows handles objects in memory, an authenticated attacker could exploit them authenticated to execute arbitrary code in kernel mode.
“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” reads the security advisor for the CVE-2019-0803 that is equal to the one for the CVE-2019-0859 flaw.
“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.”
Microsoft did not reveal details about the vulnerabilities and the way threat actors have exploited them.
Adobe also released its Patch Tuesday updates for April 2019 that address a total of 43 vulnerabilities affecting the eight products of the company.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.