{"id":12976,"date":"2019-03-14T17:36:24","date_gmt":"2019-03-14T13:36:24","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/cve-2019-0797-vulnerability-detected\/12976\/"},"modified":"2019-11-15T15:22:24","modified_gmt":"2019-11-15T11:22:24","slug":"cve-2019-0797-vulnerability-detected","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/cve-2019-0797-vulnerability-detected\/12976\/","title":{"rendered":"CVE-2019-0797: Zero-day exploits keep coming"},"content":{"rendered":"

At the risk of seeming monotonous, we are compelled by circumstances to report that three months after the last zero-day vulnerability was found<\/a>, our proactive technologies have uncovered another Windows exploit. This time, the vulnerability affects many more versions of the operating system: 64-bit Windows 8 and 10 (up to build 15063) find themselves plumb in the danger zone. We duly notified Microsoft, and a patch was included in a system update released on March 12.<\/p>\n

Curiously, though, despite the continual release of updates for current versions, many users are in no hurry to install them for fear of disrupting their computers\u2019 operations. This \u201cwait and see what happens to others\u201d approach is not recommended.<\/p>\n

What is CVE-2019-0797?<\/h2>\n

This is no less than the fourth privilege escalation exploit recently detected by our systems. As in the case of CVE-2018-8589<\/a>, it is a race condition<\/a> error in the win32k.sys driver (technical details are available on Securelist<\/a>). We know about several targeted attacks that made use of this exploit. It potentially allows intruders to gain complete control over the vulnerable system.<\/p>\n

How to avoid problems<\/h2>\n

Our advice remains the same:<\/p>\n