Actively Exploited CVE-2019-0863 Addressed in May 2019 Patch Tuesday

Microsoft’s May 2019 Patch Tuesday has already rolled out, containing fixes for 79 vulnerabilities in a number of products. The rollout also includes a security update for Windows XP and Server 2003, which were not included in the mainstream customer support notification.




Two items deserve particular attention: CVE-2019-0863, a zero-day vulnerability exploited in the wild, and ADV190013, a security advisory addressing a brand new set of Intel CPU flaws that were revealed just several hours ago. The new vulnerabilities in Intel processors can allow attackers to retrieve data being processed inside a CPU. The most dangerous of the flaws has been dubbed Zombieload, a side-channel attack very similar to the Meltdown, Spectre, and Foreshadow exploits.

More about CVE-2019-0863

According to the official description, this is an elevation of privilege vulnerability that exists in the way Windows Error Reporting (WER) handles files. If exploited successfully, it could allow the attacker to run arbitrary code in kernel mode. This could lead to a range of malicious activities such as installing programs, changing or deleting data, and creating new accounts with administrative rights.

CVE-2019-0863 has been exploited in the wild, as revealed by security researchers from PolarBear and Palo Alto Networks. The flaw has been exploited to elevate rights on vulnerable systems from regular accounts to admin access. Not much is known about the actual attacks, as details are still being withheld to give users more time to patch their systems.

The bug has been fixed by “correcting the way WER handles files,” as explained by Microsoft. The patch is available for all Windows systems.

As for the rest of the vulnerabilities, 73 are rated important or low. One particular vulnerability has been posted separately as a mitigating update against a wormable threat. The flaw, tracked as CVE-2019-0708, affects Remote Desktop Services, and Microsoft has patched it even in the no longer supported Windows XP and Server 2003 versions.

Products that have been patched in this month’s set of updates include Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps Server, SQL Server, ChakraCore, NuGet, .NET Framework, .NET Core, Team Foundation Server, Visual Studio, Online Services, and Skype for Android.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
