Microsoft confirmed the vulnerability and designated it CVE-2019-0859.
The flaw is a use-after-free issue in the Windows kernel that allows local privilege escalation.
CVE-2019-0859is a Use-After-Free vulnerability that is presented in the CreateWindowEx function.
During execution CreateWindowEx sends the message WM_NCCREATE to the window when its first created.
The update addresses this vulnerability by correcting how Win32k handles objects in memory, the researchers added.
This is the fifth consecutive LPE zero-day vulnerability found in Windows in recent months by the Kaspersky Lab researchers.
Kaspersky suggests Windows users to install Microsofts patch for the new vulnerability as early as possible.
They also recommend to keep updating all the software on a regular basis.
Source:Kaspersky
Read More
source: www.techworm.net
