CVE-2019-0803
Published: 2019-04-09
Priority: P1 · 87 · high · 7.8 (CVSS 3.1)
CVSS 3.1 vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability · remediation due 2022-05-03
Exploited in the wild
EPSS: 45.23% (98.6th percentile)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.
Affected
63 ranges recorded; the page shows 25 of them, none with version range or fix data. The distinct vendor/product pairs among those shown are:
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
Per the Rapid7 statement quoted in the Krebs entry below, all supported versions of Windows at the time were affected; the fix shipped in Microsoft's April 2019 security update.
Detection & IOCs (extracted from the cited sources)
- The packer/loader used with the CVE-2019-0803 exploit allocates memory as PAGE_EXECUTE_READWRITE. An RWX allocation by a user-mode process is a usable but weak indicator: many packers and JITs do the same, so correlate it with the other indicators below rather than alerting on it alone.
- Samples exploiting CVE-2019-0803 masquerade as Windows update files (e.g., 'Windows-RT-KB-2937636.dll') and persist through the Windows Run registry key; monitor Run key entries whose data matches this naming pattern.
- The exploit packer is shared with the CVE-2017-0005 exploit (Jian, APT31); identical packer code across both exploits can serve as a YARA or binary-similarity pivot to find related samples.
- The SLUB loader that exploited CVE-2019-0803 carried intentionally planted, misleading version resource data; version resource metadata from these samples must not be used for attribution or detection.
- The 'AddByGod' export requires a password argument at runtime, and the decryption password differs between the CVE-2017-0005 and CVE-2019-0803 samples; signatures keyed on the password will not generalize, so key on the export name or the packer code instead.
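The indicators above are individually weak, so a practical detection correlates them per process instead of alerting on any one of them. The following is an added example, not code from any of the cited reports: it runs three of the indicators (Run-key data matching the fake KB DLL pattern, an RWX allocation from an image outside OS/vendor directories, a loaded module exporting `AddByGod`) over constructed Sysmon/EDR-style events and only reports a process that trips at least two. The event shapes, the `TRUSTED_DIRS` list, the sample paths and the KB number in the benign event are assumptions; real Sysmon has no memory-allocation event, so `mem_alloc` stands in for whatever memory telemetry an EDR provides.

```python
"""Correlate the weak CVE-2019-0803 sample indicators over constructed telemetry.

Added example, not from any cited report. Event shapes (registry_set, mem_alloc,
image_load) are a hypothetical EDR/Sysmon-style normalisation.
"""
import re
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40  # winnt.h memory protection constant

# Masquerade naming pattern reported for the SLUB samples: a fake Windows update DLL
FAKE_KB_DLL = re.compile(r"Windows-RT-KB-\d+\.dll", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Assumed: directories OS and vendor binaries normally load from; RWX from elsewhere is more suspicious
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def classify(event):
    """Return the names of the indicators a single event trips (empty list if none)."""
    kind = event["type"]
    image = event["image"].lower()
    if kind == "registry_set":
        if RUN_KEY.search(event["target"]) and FAKE_KB_DLL.search(event["details"]):
            return ["run_key_fake_kb_dll"]
    elif kind == "mem_alloc":
        if event["protect"] == PAGE_EXECUTE_READWRITE and not image.startswith(TRUSTED_DIRS):
            return ["rwx_alloc_untrusted_image"]
    elif kind == "image_load":
        # Key on the export name, not the password argument: the password
        # differs between the CVE-2017-0005 and CVE-2019-0803 samples.
        if "AddByGod" in event.get("exports", ()):
            return ["export_addbygod"]
    return []


def correlate(events, threshold=2):
    """Group indicator hits per pid and report only processes that trip at least
    `threshold` distinct indicators, so a lone RWX allocation does not page anyone."""
    hits = defaultdict(set)
    for ev in events:
        for name in classify(ev):
            hits[ev["pid"]].add(name)
    return {pid: sorted(names) for pid, names in hits.items() if len(names) >= threshold}


# Constructed sample telemetry (not real logs). pid 4120 mimics the reported
# behaviour; 880 is a JIT-like process that only allocates RWX; 2200 is a
# benign RunOnce entry written by an OS binary (KB number is a placeholder).
SAMPLE_EVENTS = [
    {"type": "mem_alloc", "pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "protect": PAGE_EXECUTE_READWRITE, "size": 0x20000},
    {"type": "image_load", "pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "loaded": r"C:\Users\alice\AppData\Roaming\Windows-RT-KB-2937636.dll",
     "exports": ["AddByGod", "DllMain"]},
    {"type": "registry_set", "pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "target": r"HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "details": r"rundll32.exe C:\Users\alice\AppData\Roaming\Windows-RT-KB-2937636.dll"},
    {"type": "mem_alloc", "pid": 880, "image": r"C:\Users\alice\AppData\Local\Programs\jitapp\jitapp.exe",
     "protect": PAGE_EXECUTE_READWRITE, "size": 0x100000},
    {"type": "registry_set", "pid": 2200, "image": r"C:\Windows\System32\wusa.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\KB1234567",
     "details": r"C:\Windows\System32\wusa.exe /quiet"},
]

if __name__ == "__main__":
    for pid, names in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid}: {', '.join(names)}")
```

With the default threshold only pid 4120 is reported; lowering it to 1 also surfaces the JIT-like process, which is the noise the threshold exists to suppress.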
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.0 | HIGH | — |
CISA
Microsoft Win32k Privilege Escalation Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2019-0803 [HIGH] Microsoft Win32k Privilege Escalation Vulnerability
Vulnerability: Microsoft Win32k Privilege Escalation Vulnerability
Affected: Microsoft Win32k
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0803
Remediation Due Date: 2022-05-03
Microsoft
Win32k Elevation of Privilege Vulnerability
vendor_msrc·2019-04-09·CVSS 7.0
CVE-2019-0803 [HIGH] Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Component: Microsoft Graphics Component
Impact: Elevation of Privilege
GHSA
GHSA-vgp9-2hhf-fp9r: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2019-0859 [HIGH] GHSA-vgp9-2hhf-fp9r: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
GHSA
GHSA-6h99-5j8v-7r3p: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2019-0803 [HIGH] GHSA-6h99-5j8v-7r3p: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.
GHSA
GHSA-95q5-9858-rcxm: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2019-0685 [HIGH] GHSA-95q5-9858-rcxm: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859.
Project0
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
project_zero·2020-07-01
CVE-2016-5195 Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
Posted by Maddie Stone, Project Zero
In May 2019, Project Zero released our tracking spreadsheet for 0-days used “in the wild” and we started a more focused effort on analyzing and learning from these exploits. This is another way Project Zero is trying to make zero-day hard. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019. In conjunction with this blog post, we are also publishing another blog post today about our root cause analysis work that informed the conclusions in this Year in Review. We are also releasing 8 root cause analyses that we have done for in-the-wild 0-days from 2019.
When I had the idea for this “Year in Review” blog post, I immedi
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability
vulncheck·2019·CVSS 7.8
CVE-2019-0803 [HIGH] Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Affected: Microsoft Win32k
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2019-Apr; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://cisa.gov/news-events/cybersecurity-advisories/aa20-275a; https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF; https://us-cert.cisa.gov/ncas/alerts/aa20-275a; https://cybersecurit
No detection rules found.
Unit42
Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor
blogs_unit42·2023-06-28·CVSS 9.1
CVE-2021-26855 [CRITICAL] Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor
## Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor
Daniel Frank
Published: June 28, 2023
Tags: High Profile Threats, Malware, Cryptocurrency, Cryptojacking, CVE-2021-26855, CVE-2021-33766, CVE-2021-34473, CVE-2022-41040, Manic Menagerie, Microsoft Exchange Server, Persistence method, ProxyNotShell, Webshell
## Executive Summary
Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union from late 2020 to late 2022. Unit 42 tracks the activity associated with this campaign as CL-CRI-0021 and believes it stems from the same threat actor responsible for the previous campaign known as Manic Menagerie.
The threat actor deployed coin miners on hijacked machines to abuse the compromised servers’ resources. They have further deepened their foothold in victims’ environments by mass deployment of web shells, which granted them sustained access, as well as access to internal resources of the compromised websites.
In doing so, the attackers could potentially have turned the hijacked legitimate websites – hosted by the tar
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Trendmicro
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
blogs_trendmicro·2021-04-28
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
Cyber Threats
## How Trend Micro Helps Manage Exploited Vulnerabilities
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Read how Trend Micro protects customers from vulnerability exploits by blocking them as early as possible.
By: Jon Clay, Apr 28, 2021
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Exploiting known vulnerabilities to successfully compromise an organization has long been a common tactic used by malicious actors. Whether Heartbleed, EternalBlue, or most recently Zerologon, threat actors take advantage of newly disclosed vulnerabilities in their attacks. But even with thousands of new vulnerabili
Checkpoint
The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
blogs_checkpoint·2021-02-22
CVE-2017-0005 The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
## The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
Research by: Eyal Itkin and Itay Cohen
There is a theory which states that if anyone will ever manage to steal
Trendmicro
Who is the Threat Actor Behind Operation Earth Kitsune?
blogs_trendmicro·2020-12-15
Who is the Threat Actor Behind Operation Earth Kitsune?
# Who is the Threat Actor Behind Operation Earth Kitsune?
Recently, we uncovered the Operation Earth Kitsune campaign and published a detailed analysis of its tactics, techniques, and procedures (TTPs). While analyzing the technical details of this malware, which includes two new espionage backdoors, we noticed striking similarities to other malware attributed to the threat actor known as APT37, also known as Reaper or Group 123.
By: William Gamazo Sanchez, 2020/12/15
Determining who is behind a malware campaign can be a challenging endeavor. Threat actors generally don’t leave easily identifiable signatures in software designed to disrupt or otherwise harm an adversary. However, by comparing key pieces of information with known sources, it is possible
Tenable
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
blogs_tenable·2020-10-23
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
Qualys
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities | Qualys
blogs_qualys·2020-10-22·CVSS 9.8
CVE-2020-15505 [CRITICAL] NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities | Qualys
#### Table of Contents
- Detect 25 Publicly Known Vulnerabilities using VMDR
Update November 25, 2020: The UK National Cyber Security Centre alerts that APT nation-state groups and cybercriminals are exploiting MobileIron RCE vulnerability (CVE-2020-15505).
Original post: On October 20, 2020, the United States National Security Agency (NSA) released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. The NSA alert provided a list of 25 publicly known vulnerabilities that are known to be recently leveraged by cyber actors for various hacking operations.
“Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and
mitigation efforts,” said the NSA advisory. It also recommended “crit
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research, Apr 10, 2019
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office
Krebs
Patch Tuesday Lowdown, April 2019 Edition
blogs_krebs·2019-04-10·CVSS 7.8
CVE-2019-0803 [HIGH] Patch Tuesday Lowdown, April 2019 Edition
Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.
According to security firm Rapid7, two of the vulnerabilities — CVE-2019-0803 and CVE-2019-0859 — are already being exploited in the wild. They can result in unauthorized elevation of privilege, and affect all supported versions of Windows.
“An attacker must already have local access to an affected system to use these to gain kernel-level code execution capabilities,” Rapid7 researche
Qualys
April 2019 Patch Tuesday - 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns | Qualys
blogs_qualys·2019-04-09·CVSS 7.8
[HIGH] April 2019 Patch Tuesday - 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns | Qualys
This month’s Patch Tuesday addresses 74 vulnerabilities, with 16 labeled as Critical. Eight of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office, along with another 5 Critical vulns in MSXML. Two Critical remote code execution (RCE) vulnerabilities are patched in GDI+ and IOleCvt. Two privilege escalation vulns in Win32k are reported as Actively Attacked, while another in the Windows AppX Deployment Service has a public PoC exploit.
### Workstation Patches
Scripting Engine and MSXML patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
### Actively Attacked Privileg
Zscaler
Zscaler found Multiple Security Vulnerabilities | 04-09-2019
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 04-09-2019
Threat Intel
Tonto Team (Tonto Team, Earth Akhlut, BRONZE HUNTLEY)
threat_intel·CVSS 7.8
[HIGH] Tonto Team (Tonto Team, Earth Akhlut, BRONZE HUNTLEY)
# Threat Actor Profile: Tonto Team
ATT&CK ID: G0131
Also known as: Tonto Team, Earth Akhlut, BRONZE HUNTLEY, CactusPete, Karma Panda
Suspected origin: China
## Overview
Tonto Team is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. Tonto Team has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017).(Citation: Kaspersky CactusPete Aug 2020)(Citation: ESET Exchange Mar 2021)(Citation: FireEye Chinese Espionage October 2019)(Citation: ARS Te
References
- http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0803
Timeline
- 2019-04-09 · Published
- 2021-11-03 · Added to CISA KEV
- Exploited in the wild