Recent Comments

    Blogroll

    Search

    Windows 10 May 2019 Zero Day Vulnerabilities

    May 27th, 2019 by

    May 2019 0-day disclosures

    Executive summary

    Over the past week, starting on Tuesday, May 21, a security researcher publicly disclosed multiple elevation-of-privilege vulnerabilities by posting proof-of-concept code on GitHub. Successful exploitation of these vulnerabilities requires an attacker to already have code execution.

    At the time of publication, the researcher has released five sets of proof-of-concept code, including exploits for four zero-day vulnerabilities, all affecting different Windows components. The fifth proof-of-concept code targeted a vulnerability (CVE-2019-0863) that was addressed in May 2019.

    Microsoft is actively preparing a host of protections to detect and stop known exploitation methods. Customers are advised to review the listed mitigations. Ensure your antimalware products are up-to-date and turn on automatic updates so that security updates are promptly deployed as soon as they become available.

    At the time of publication, there are no active attacks in the wild exploiting the disclosed vulnerabilities.

    Posted in Malware | No Comments »



    Leave a Reply