Microsoft Bugs CVE-2019-0803, CVE-2019-0859 Exploited in the Wild

April 2019 Patch Tuesday is here, consisting of fixes for 74 vulnerabilities.

Note that two of the flaws (CVE-2019-0803 and CVE-2019-0859, see details below) are being actively exploited in attacks in the wild. 13 of the vulnerabilities are rated critical, and 61 are rated important.

This month’s patches address issues in several Microsoft products and services, including Internet Explorer, Edge, ChakraCore, Windows, Microsoft Office / Office Services and Web Apps, .NET and ASP.NET, Exchange Server, Visual Studio, Skype for Business, Azure DevOps Server, Open Enclave SDK and Team Foundation Server.

More about CVE-2019-0803 and CVE-2019-0859

CVE-2019-0803 and CVE-2019-0859 are Win32k privilege escalation vulnerabilities which are nearly identical to other flaws patched last month.

CVE-2019-0803 is an elevation of privilege vulnerability in Windows which is triggered when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits the flaw could run arbitrary code in kernel mode. This would enable the attacker to install programs and perform other malicious activities, such as viewing, changing, or deleting data, or even creating new accounts with full user rights.

Related:
CVE-2019-0797 and CVE-2019-0808 are described as Win32k elevation of privilege vulnerabilities which are nearly identical.
Actively Exploited CVE-2019-0797, CVE-2019-0808 Fixed in March 2019 Patch Tuesday.

CVE-2019-0859 is also an elevation of privilege vulnerability which exists in Windows when the Win32k component fails to properly handle objects in memory, researchers said.

In short, both vulnerabilities give an attacker elevated privileges without authorization, which enables a range of malicious activities with full user rights.

More about CVE-2019-0853 and CVE-2019-0688

These are two other vulnerabilities which deserve more attention.

CVE-2019-0853 is described as a GDI+ remote code execution vulnerability. As explained by Trend Micro researchers, “a number of Microsoft programs, notably the OS and Office suite, use the GDI+ component. Discovered by ZDI’s Hossein Lotfi, this vulnerability occurs when parsing EMF file records. A specially crafted EMF file record can trigger access of an uninitialized pointer, which allows an attacker to execute arbitrary code.”

CVE-2019-0688 is a Windows TCP/IP information disclosure vulnerability related to IP fragmentation. The vulnerability resides in the Windows TCP/IP stack, where improper handling of fragmented IP packets could allow information disclosure. The flaw could expose data such as SAS tokens and resource IDs, researchers warned.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!