Casa > cibernético Notícias > Actively Exploited CVE-2019-0797, CVE-2019-0808 fixado em Março 2019 patch Tuesday
CYBER NEWS

Ativamente Exploradas CVE-2019-0797, CVE-2019-0808 fixado em Março 2019 patch Tuesday

marcha 2019 Patch Tuesday é aqui, abordando 64 vulnerabilidades no Windows, 17 dos quais são críticos, 45 importante, OE moderada e uma outra de baixa severidade na classificação. Duas dessas vulnerabilidades, CVE-2019-0797 e CVE-2019-0808, foram explorados na natureza.




This month’s Patch Tuesday addressed flaws in .NET Framework, Microsoft borda, Troca, Internet Explorer, Microsoft Office, Serviços de escritório e aplicativos da Web, NuGet, Team Foundation Server, e Windows. It’s important to note that seven of the vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative.

More about CVE-2019-0797 and CVE-2019-0808

CVE-2019-0797 and CVE-2019-0808 are described as Win32k elevation of privilege vulnerabilities which are nearly identical.

As explained by Trend Micro’s Zero Day Initiative, one was reported by Kaspersky Labs while the other was reported by the Google Threat Analysis Group, which implies both of these have been spotted in targeted malware. The vulnerabilities could allow an attacker to elevate privileges and take over a system after access to this system is already obtained.

relacionado: [wplinkpreview url =”https://sensorstechforum.com/facebook-server-rce-vulnerability/”] Vulnerabilidade Facebook Servidor RCE Divulgada

While flaws in Win32k are rated Important due to the access requirement, the impact of successful attacks shows why they shouldn’t be ignored, os pesquisadores disseram.

As for the rest of the vulnerabilities addressed through this month’s share of patches, nearly all of the critical flaws could lead remote execution attacks, where different versions of Windows 10 and Server editions could be impacted. Most of these vulnerabilities are located in Chakra Scripting Engine, VBScript Engine, DHCP Client, e IE.

The rest of the flaws could be exploited in information disclosure and denial-of-service attacks.

As for users who may experience issues with updates, Microsoft just introduced a new safety feature which is designed to improve the way updates are installed and removed on Windows 10. The new feature will automatically uninstall problematic software updates whenever Windows 10 detects a startup failure. De agora em diante, Microsoft will be removing [wplinkpreview url =”https://sensorstechforum.com/buggy-windows-10-updates-uninstalled-automatically/”] atualizações instaladas recentemente que acabou de buggy.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...