Microsoft Bugs CVE-2019-0803, CVE-2019-0859 Exploited in the Wild

April 2019 Patch Tuesday is here, consisting of fixes for 74 vulnerabilities.

Note that two of the flaws (CVE-2019-0803 and CVE-2019-0859, see details below) are actively exploited in attacks in the wild. 13 of the vulnerabilities are rated critical, and 61 are important.




This month’s share of patches addresses issues in several Microsoft products and services, such as Internet Explorer, Edge, ChakraCore, Windows, Microsoft Office / Office Services and Web Apps, .NET and ASP.NET, Exchange Server, Visual Studio, Skype for Business, Azure DevOps Server, Open Enclave SDK, and Team Foundation Server.

More about CVE-2019-0803 and CVE-2019-0859

CVE-2019-0803 and CVE-2019-0859 are Win32k privilege escalation vulnerabilities which are nearly identical to other flaws patched last month.

CVE-2019-0803 is an elevation of privilege vulnerability in Windows which is triggered when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits the flaw could run arbitrary code in kernel mode. This would enable the attacker to install programs, and perform other malicious activities such as viewing, changing, or deleting data, or even creating new accounts with full user rights.

Related: Actively Exploited CVE-2019-0797, CVE-2019-0808 Fixed in March 2019 Patch Tuesday.

CVE-2019-0859 is also an elevation of privilege vulnerability which exists in Windows when the Win32k component fails to properly handle objects in memory, researchers said.

In short, both vulnerabilities give elevated privileges to an attacker without authorization, which enables a range of malicious activities with full user rights.

More about CVE-2019-0853 and CVE-2019-0688

These are two other vulnerabilities which deserve more attention.

CVE-2019-0853 is described as a GDI+ remote code execution vulnerability. As explained by TrendMicro researchers, “a number of Microsoft programs, notably the OS and Office suite, use the GDI+ component. Discovered by ZDI’s Hossein Lotfi, this vulnerability occurs when parsing EMF file records. A specially crafted EMF file record can trigger access of an uninitialized pointer, which allows an attacker to execute arbitrary code.”

CVE-2019-0688 is a Windows TCP/IP information disclosure vulnerability which concerns the issue of IP fragmentation. The vulnerability resides in the Windows TCP/IP stack, and it could allow information disclosure from improperly handling fragmented IP packets. The flaw could expose data such as SAS tokens and resource IDs, researchers warned.

Milena Dimitrova