Live Chat
  • One stop service: solve all your problems
  • Orders Tracking and shipped out notification
  • More campaigns, even more discounts!
  • Need help before making an order?
  • Chat with us in real-time.
  • For Aftersale issues, just submit a ticket. We will reply within 24 hours.
  • Multi-language service
  • 24/7 support available
Hi! Log Out Log In SIGN UP
Home > New Gear > Microsoft patched four vulnerabilities found in Window 10 and Windows 2019 Server
Microsoft patched four vulnerabilities found in Window 10 and Windows 2019 Server

Microsoft patched four vulnerabilities found in Window 10 and Windows 2019 Server

By  Ingrid You 2019-06-12 153 0

At the end of the month of May we received a news regarding the security of our equipment. The hacker SandboxEscaper was responsible for publicizing the security breach, bringing to light a threat that Microsoft had not yet patched on its computers.

Almost two weeks have passed and now it seems that Redmond's firm has launched a patch that corrects four of the five existing threats. This is especially important, since the patches launched arrive to "cover" vulnerabilities of day zero (zero day).


Four out of five

The most unique thing about SandboxEscaper is that it had not been the protocol followed in these cases. Instead of granting the grace period of three months, the hacker had announced to the public the existence of such vulnerabilities. The company concerned, in this case Microsoft, had lost the privilege of being warned in advance and in secret to work on the correction of errors.


The truth is that in counterclockwise order and in view of the whole world, the American company has succeeded in mitigating four of the five threats that had been discovered on that occasion:

Remember that these are security flaws in Local Privilege Escalation (LPE) of Windows CVE-2019-1069, CVE-2019-1064, CVE-2019-0973 and a vulnerability that affects Internet Explorer 11.

Name of the threat

CVE

Description

BearLPE

CVE-2019-1069

LPE explodes in Windows Task Scheduler process

SandboxEscape

CVE-2019-1053

SandboxEscape for Internet Explorer 11

CVE-2019-0841-BYPASS

CVE-2019-1064

Patch Bypass CVE-2019-0841

InstallerBypass

CVE-2019-0973

LPE directed to the Windows Installer folder


In the CVE-2019-1053 security bug affecting Internet Explorer (IE), this is a bug that allows attackers to inject DLLs into Microsoft's browser. On the other hand, another bug is related to a previously released patch that affects a privilege defect and overwriting of Windows permissions.

A fifth threat remains to be patched, but Microsoft has not had time to fix the bug since it was released by SandboxEscaper only a few days ago. Therefore, this patch has yet to be released.

To access the new Microsoft security patches, you must use the usual method. Simply go to "Settings > Update and Security > Windows Update". Here is the importance of keeping the operating system up to date.


 You may also want to read:
 MIUI 11: List of Xiaomi devices getting MIUI 11 upgrade leaks
  Xiaomi Mi Max 4 and Mi Max 4 Pro: 48 Mp camera and other rumors
  Xiaomi Mi 9X (Mi A3) specs leaked: equipped with Snapdragon 675

 

Gearbest secure payment methods

 

Extensive Product Selection

● Over 300,000 products

● 20 different categories

● 15 local warehosues

● Multiple top brands

Convenient Payment

● Global payment options: Visa, MasterCard, American Express

● PayPal, Western Union and bank transfer are accepted

● Boleto Bancario via Ebanx (for Brazil)

Prompt Shipping

● Unregistered air mail

● Registered air mail

● Priority line

● Expedited shipping

Dedicated After-sales Service

● 45 day money back guarantee

● 365 day free repair warranty

● 7 day Dead on Arrival guarantee (DOA)

Prev article:Huawei Mate 20 series Ark Compiler/EROFS has been under test and will come soon

Next article:Amazon Echo Show review: is it worth buying?

You might also like: