SandboxEscaper re-launched a new privilege escalation 0day code, which were full of hatred for Microsoft female hacker once again beat a patch for CVE-2019-0841 Microsoft released in April, and as usual, released a proof of concept exploit comes exploit code, which means that other hackers can quickly reference their attack methods to make malware Windows system.
Fortunately, however, is the vulnerability to run code on the local computer, can not achieve long-range attack, the more hazardous place is that it allows hackers have limited privileges to gain full control of the protected files, such as her demonstration of the vulnerability of win.ini.
CERT / CC has confirmed that this applies to exploit to run Microsoft's latest security updates for Windows 10 versions 1809 and 1903.
Since August 2018, SandboxEscaper been frantically released nine 0day attacks.
Read more: https://github.com/SandboxEscaper/polarbearrepo/tree/master/ByeBear
Source: cnBeta.COM
More info
Microsoft denies Windows Remote Desktop Network Authentication Vulnerability: This is a feature
Security researchers said, Windows 1903 update existing network authentication (NLA) bug, could be exploited by attackers to control the remote sessions. It is reported that, NLA designed to prevent an attacker to remotely log in to the user's Windows PC. It will require registrants to provide the necessary details in order to authenticate. Originally attacker should not be aware of these details unless you had to share with the outside world.
Source: cnBeta.COM
Details: http://www.dbsec.cn/zx/20190609-2.html
Enhance diversity: Google can now filter out duplicate the top search results on the site
When the need to search for popular events, users often see a lot of repetitive search results from the same site. But after the new policy goes into effect, Google will work to enhance the diversity of search results, filter out repetitive content from the same site. Google through the official Twitter announce that this change is after listening to the feedback from users implemented.
Source: cnBeta.COM
Details: http://www.dbsec.cn/zx/20190609-3.html
Exim mail server broke the high-risk vulnerabilities
Exim mail server broke open a high-risk vulnerabilities affect versions 4.87 to 4.91, could allow an attacker to local and remote attackers in some cases execute commands on the server with root privileges. To remotely exploit the vulnerability, an attacker would need to keep the mail server vulnerable connected seven days, it is necessary to transmit one bit every few minutes.
Source: solidot.org
Details: http://www.dbsec.cn/zx/20190609-4.html
(Information from the network, Anwar gold collected more)