Windows 10 Update Plugs Two Already-Exploited Bugs, But There’s More

By Bill Toulas / March 13, 2019

Microsoft has just released this month’s cumulative update (KB4489899 – 17763.379) for Windows 10, fixing a total of 64 bugs, 17 critical vulnerabilities, and two Win32k holes (CVE-2019-0797, CVE-2019-0808) that were already under active exploitation. These two bugs allowed for “elevation of privilege” activity through the remote execution of code in kernel mode which would give complete access and permission to the attacker to create or delete accounts, files, etc. This means that if you haven’t updated your operating system yet, you should do so immediately. Other important fixes include an “Active Directory” elevation of privilege vulnerability and a Windows DoS bug.

The Microsoft lists the following key changes while noting that no new features have been introduced with this update:

In the meantime, a security researcher (John Page) has published a proof of concept that unveils another vulnerability that hasn’t been fixed in this update. According to the researcher, an attacker could spoof a Windows dialog box to plant malware into the victim’s system, or perform any other change in the Windows registry by altering what the “Yes” and “No” options in the warning dialog do. So, if the victim clicks the “Yes” button, the process continues.

“The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.”

To this, Microsoft responded by telling the researcher that “The issue submitted does not meet the severity bar for servicing via a security update.” This practically means that they are not planning to fix the bug, a decision that is confusing, to say the least. Microsoft backs this decision by putting the blame on the user, who downloads and runs files from untrusted sources. In addition to that, the flaw needs the user's interaction to work. With the proof of concept code out there however, they should have taken a different approach on this matter.

Do you generally download and run software from untrusted sources on your Windows installation? Let us know in the comments section below, and don’t forget to like and subscribe to our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: