Language Selection

English French German Italian Portuguese Spanish

It's 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server...

Filed under
Security

It will be a busy day for admins and users of Windows PCs and servers, as Microsoft has released updates for a total of 80 CVE-listed bugs.

Among the more serious issues addressed this month are CVE-2019-1215 and CVE-2019-1214, a pair of elevation-of-privilege vulnerabilities that have been under active attack in the wild.

In both cases, experts say, miscreants are going after older machines. CVE-2019-1215 preys on Winsock, specifically ws2ifsl.sys, a service that has been targeted by malware since 2007, while the exploit for CVE-2019-1214 is largely looking to target Windows 7 boxes. These flaws can give malware on a machine admin-level access to hijack the whole box.

Read more