NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge

Trending CVEs for the Week of April 22nd, 2019

CVE-2019-0859 – Yet Another Windows Zero-Day Vulnerability

Last week, we covered an elevation of privilege vulnerability in Win32k component of Microsoft Windows operating system- CVE-2019-0859. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode – think superuser – and take over the targeted machine. The attacker can fully compromise the integrity of any data the machine processes.

Description

For details about the vulnerability and references to advisories, please see our original post here. https://nopsec.wpengine.com/trending-cves-for-the-week-of-apr-15-2019/

Trends and Updates

While the references to this vulnerability in social media have been on a decline, it remains the most talked about vulnerability for this week as well. This is not surprising since this the fifth local privilege escalation zero-day vulnerability that has affected Microsoft Windows since October 2018. The figure below shows daily count of Twitter mentions over time for the CVE-2019-0859 (as of April 24th).

CVE-2019-0859

Conclusion

Even though some resources claim that this vulnerability is extremely targeted which is affecting victims in middle eastern region, Microsoft confirmed no active exploits for CVE-2019-0859.

Reference

Kaspersky Lab Technical Details

Threatpost Report

Microsoft Advisory and Updates

Latest Hacking News

Share your thoughts in our community!

Click Here

Schedule a Product Demo Today!

See how NopSec's end-to-end Cyber Exposure Management platform can organize your security chaos.