This security update addresses vulnerabilities found in Microsoft Windows. Once successfully exploited, it could allow elevation of privilege once attacker logs on locally and runs arbitrary code on the system thus compromising its security. This update also covers CVE-2015-1701, a Win32k elevation of privilege vulnerability that has been used in a targeted attack.
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.