This month's security release addresses 74 vulnerabilities in a wide range of Microsoft products, including two actively exploited zero-days. Both are elevation of privilege vulnerabilities impacting Win32k, a core component of the Windows operating system. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. However, if we take into account that Kaspersky has reported to Microsoft six Windows Win32k elevation of privilege zero-days in the past six months, we can safely assume that CVE-2019-0859 is another zero-day exploited by a nation-state hacking group, just like all the zero-days Kaspersky has reported in the past. For example, there are three Microsoft Office Access Connectivity bugs (CVE-2019-0824, CVE-2019-0825, CVE-2019-0827) that can allow attackers to execute code on vulnerable systems.