Microsoft Corporation issued update package that treats 74 bugs, including two zero-day (0-day) vulnerabilities in different products.Two recently discovered issues as CVE-2019-0803 and CVE-2019-0859 are vulnerabilities of privilege shift that involve Win32k component.
According to Microsoft description, bug exists due to incorrect procession of memory volumes, and its exportation allows using a code in a kernel mode. As a result, hackers may gain access to programs install and removal, change and delete data, create new accounts with full rights etc.
Among others producer repaired a series of critical vulnerabilities in different components, in particular, CVE-2019-0824, CVE-2019-0825 and CVE-2019-0827 in DBMS Microsoft Access and CVE-2019-0853 in Windows GDI+ part. Full list of addressed errors can be found here.