
Actively Exploited CVE-2019-0863 Addressed in May 2019 Patch Tuesday

Microsoft’s May 2019 Patch Tuesday has already rolled out, containing fixes for 79 vulnerabilities in a number of products. The rollout also includes a security update for Windows XP and Server 2003, which were not included in the mainstream customer support notification.

More attention should be paid to CVE-2019-0863, a zero-day vulnerability exploited in the wild, and ADV190013, a specific security advisory addressing a brand new set of Intel CPU flaws that were just revealed several hours ago. The new vulnerabilities in Intel processors can allow attackers to retrieve data being processed inside a CPU. The most dangerous of the flaws has been dubbed Zombieload – a side-channel attack very similar to the Meltdown, Spectre, and Foreshadow exploits.

More about CVE-2019-0863

According to the official description, this is an elevation of privilege vulnerability in the way Windows Error Reporting (WER) handles files. If exploitation succeeds, the attacker could run arbitrary code in kernel mode. This could lead to a range of malicious activities such as installing programs, changing or deleting data, and creating new accounts with administrative rights.

CVE-2019-0863 has been exploited in the wild, as revealed by security researchers from PolarBear and Palo Alto Networks. The flaw has been exploited to elevate rights on vulnerable systems from regular accounts to admin access. Not much is known about the actual attacks, as details are being withheld to give users more time to patch their systems.

Related: Microsoft Bugs CVE-2019-0803, CVE-2019-0859 Exploited in the Wild (https://sensorstechforum.com/cve-2019-0803-cve-2019-0859-exploited/)

The bug has been fixed by “correcting the way WER handles files,” as explained by Microsoft. The patch is available for all Windows systems.

As for the rest of the vulnerabilities, 73 are rated important or low. One particular vulnerability has been posted separately as a mitigating update against a wormable threat. The flaw is known under the CVE-2019-0708 identifier, and is a ‘wormable’ flaw in Remote Desktop Services, which Microsoft has patched even in the no longer supported Windows XP and Server 2003 versions.

Products that have been patched in this month’s set of updates include Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps Server, SQL Server, ChakraCore, NuGet, .NET Framework, .NET Core, Team Foundation Server, Visual Studio, Online Services, and Skype for Android.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
