Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Microsoft May 2019 Patch Tuesday arrives with fix for Windows zero-day, MDS attacks

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 15 May 2019 06:53:15 +0000 (UTC)
https://www.zdnet.com/article/microsoft-may-2019-patch-tuesday-arrives-with-fix-for-windows-zero-day-mds-attacks/

By Catalin Cimpanu
Zero Day
ZDNet.com
May 14, 2019
Today, Microsoft released its monthly batch of security updates known as Patch Tuesday, and this month's security release includes fixes for 79 vulnerabilities in a wide range of Microsoft products.
The two headliners of this month's patches are CVE-2019-0863, a zero-day vulnerability exploited in the wild, and ADV190013, a security advisory for dealing with the latest wave of Intel CPU flaws that came to light only a few hours before. 

THE ZERO-DAY
The zero-day is an elevation of privilege vulnerability that exists in the way the Windows Error Reporting (WER) service interacts with files.
Tracked as CVE-2019-0863 and discovered by security researchers from PolarBear and Palo Alto Networks, this vulnerability has been used in the wild by hackers to elevate access on compromised systems from a regular account to one with admin access. 

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: