Microsoft released its Patch Tuesday fixes this week and the software giant handled 77 vulnerabilities, which included two Zero Day holes that were undergoing exploitation.
The Zero Days are privilege escalation holes that have case numbers of CVE-2019-0880 and CVE-2019-1132.
The holes allow attackers to elevate access rights to a high-privileged account once they get into the system.
One Zero Day, CVE-2019-1132, is a privilege escalation in the Win32k component. ESET discovered it as part of the attack chain of a group of Russian state-funded hackers.
The second Zero Day, CVE-2019-0880, is in Windows’ splwow64.exe.
Obviously, that was not all the issues as Microsoft fixed other vulnerabilities whose exploitation details ended up released.
Those vulnerabilities included: Docker flaw in Azure (CVE-2018-15664), a SymCrypt DoS (CVE-2019-0865), RDP RCE (CVE-2019-0887), Azure automation elevation of privilege (CVE-2019-0962), Microsoft SQL Server RCE (CVE-2019-1068), elevation of privilege vulnerability Windows AppX Deployment Service (CVE-2019-1129).
There are also 15 security flaws that have a critical rating, including remote code execution and memory corruption flaws in the Windows DHCP server service and the Chakra scripting engine used with Microsoft Edge.