Quote:Today is Microsoft's July 2019 Patch Tuesday, which means that everyone should be especially nice to your Windows administrators today as they begin testing and potentially deploying updates. Included in this month's updates are fixes for five publicly disclosed vulnerabilities, but not exploited, and two zero-day vulnerabilities that were actively exploited in the wild.
With the release of the July 2019 security updates, Microsoft has released 1 advisories, 1 servicing stack update, and updates for 77 vulnerabilities. Of these vulnerabilities, 15 are classified as Critical.
For information about the non-security Windows updates, you can read about today's Windows 10 July 2019 Cumulative Updates.
All users should install these security updates as soon as possible to protect Windows from security risks.
With today's security update release, Microsoft has fixed two actively exploited vulnerabilities that could allow programs to run with higher privilege levels.
The first zero-day is titled "CVE-2019-1132 - Win32k Elevation of Privilege Vulnerability" and was discovered by Anton Cherepanov, Senior Malware Researcher of ESET. If exploited, this vulnerability could allow an attacker to "run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
The second vulnerability is titled "CVE-2019-0880 - Microsoft splwow64 Elevation of Privilege Vulnerability" and was discovered by Gene Yoo of ReSecurity. This is the same security firm that discovered the Citrix hack that was disclosed in March. BleepingComputer has attempted to contact them, but had not heard back at this time.
SOURCE: https://www.bleepingcomputer.com/news/mi...abilities/
![[-]](https://www.geeks.fyi/images/collapse.png)
