Microsoft has released the CVE-2019-0863 bug fix to patch a bug that is using elevation-of-privileges vulnerabilities. The bug is actively being exploited and noted in the Microsoft May Patch Tuesday security bulletin.
Linked to Windows Error Reporting features, the CVE-2019-0863 weakness can be used by hackers who have already gained local access to computer systems. It is one of 80 vulnerabilities that are being addressed by the Tuesday patch, including 22 critical vulnerabilities and 57 important weaknesses.
How the CVE-2019-0863 bug works
The bug can be used to trigger an arbitrary code execution in kernel mode, which will completely compromises the system that is being attacked. First, the hacker gains access to run a piece of code on the targetted network, followed by the malware that then elevates the access privileges from user to admin.
No specific attack cases have been made public. However it is likely being used to attack specific targets at this moment.
Intel Micro-architectural Data Sampling vulnerabilities
Microsoft has also given advice on mitigating recent Intel flaws. These include software updates that have been released to tackle these side-channel issues including the Intel Microarchitectural Data Sampling vulnerabilities.
This issue comprises of four attack vectors named Fallout, ZombieLoad, Store-to-Leak Forwarding, and Rogue In-Flight Data Load (RIDL). Software and firmware updates are required to protect against cyber attacks, including the implementation of microcode for device OEMs.
WannaCry-Level event patch
A further bug has been identified with a potential to cause global disruption, similar to that caused by WannaCry. System admins are advised to deploy bug fixes for remote code execution vulnerabilities in Remote Desktop Services, identified in the common vulnerabilities and exposures listing CVE-2019-0708.
The weakness can be used to create a fast-moving malware attack similar to WannaCry. CVE-2019-0708 poses a level of seriousness for Microsoft to recognise the potential dangers and issue patches for Windows 2003 and Windows XP, which do not usually receive the Patch Tuesday updates. This also applies for Windows 7, Server 2003, XP, and Server 2008 R2.
A DHCP patch has been released for a critical bug labelled CVE-2019-0725, which is relevant to Windows DHCP Server and remote code execution. Any hacker who can send packet to a DHCP server can exploit this vulnerability.
These patches follow a month where Adobe has issued patches for 87 vulnerabilities and Apple has released patches to address 173 vulnerabilities. Skype for Android has also identified a weakness labelled CVE-2019-0932, where an attacker is able snoop on conversations undetected.
Contact OmniCyberSecurity for more information about the CVE-2019-0863 bug.