Microsoft explains that the two flaws expose the same vulnerability. Both zero-days allowed attackers to elevate privileges in Win32k, a major part of the running operation of the Windows OS. The company lists the flaws as CVE-2019-0803 and CVE-2019-0859. Microsoft describes the vulnerabilities as the same, even though they were found independently by Kaspersky Lab and Alibaba Cloud Intelligence.

Win32k was found to be failing to handle memory properly. An attacker exploiting this flaw could run arbitrary code in the kernel and gain system rights. With those privileges, a bad actor could make changes to data, delete content, create new accounts, or install other malicious programs. It is worth noting that, to gain access, the attacker would need physical access to log on to the system.

Microsoft says the problem has been solved and Win32k now handles memory securely. However, the company says both vulnerabilities have had active exploits.

Elsewhere, Microsoft detailed other non-zero-day bugs affecting its services. Three issues were found in Office Access Connectivity (CVE-2019-0824, CVE-2019-0825, CVE-2019-0827). Each of these vulnerabilities would allow hackers to execute malicious code. These are interesting problems because the attacker could exploit them remotely.

Full Patch Tuesday Log
