Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild.
Microsoft today patched 77 vulnerabilities and issued two advisories as part of its July security update. Two of these bugs are under active attack; six were publicly known at the time fixes were released.
Of the CVEs fixed today, 15 were categorized as Critical, 62 were rated Important, and one was ranked Moderate in severity. Patches address vulnerabilities in a range of Microsoft services including Microsoft Windows, Internet Explorer, Office and Office Services and Web Apps, Azure, Azure DevOps, .NET Framework, Visual Studio, SQL Server, ASP.NET, Exchange Server, and Open Source Software.
One of the vulnerabilities under active attack is CVE-2019-1132, a Win32k elevation of privilege flaw that exists when the Win32k component fails to properly handle objects in memory. Successful exploitation could lead to arbitrary code execution in kernel mode, which is normally reserved for trusted OS functions. An attacker would need access to a target system to exploit the bug and elevate privileges.
Source: DRJ New feed