Latest Microsoft Update Patches New Windows 0-Day Under Active Attack
With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.
Other vulnerabilities patched by Microsoft this month and marked as important reside in the following Microsoft products and services:
- Windows Operating System
- Windows Kernel
- Windows Remote Desktop Protocol (RDP)
- Microsoft Word
- Microsoft Excel
- Microsoft SQL Server Reporting Services
- Microsoft Access software
- Windows GDI component
- Windows Hyper-V
- Windows Printer Service
- Windows COM Server
- Windows Media Player
- Windows OLE
- Visual Studio Live Share
- Microsoft Authentication Library for Android
- Microsoft Defender
- Skype for Business and Lync
- Git for Visual Studio
Most of these vulnerabilities allow information disclosure and elevation of privilege, and some also lead to remote code execution attacks, while others allow cross-site scripting (XSS), security feature bypass, spoofing, tampering, and denial of service attacks.
For installing the latest Windows security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your PC, or you can install the updates manually.