Yesterday it was Patch Tuesday for Microsoft. The company has solved 62 vulnerabilities in its software this month. Among the fixes there is also a solution for a zero-day vulnerability that was actively exploited. As of today, this is no longer possible with people who update their device.
Microsoft has solved a large number of vulnerabilities. These include critical vulnerabilities, but also slightly less serious problems. Anyway, there are 62 fixes, one of which is very important.
The zero-day that is going through life under the name CVE-2018-8589, influenced the Windows Win23k component. Microsoft stated that this is a vulnerability in which malicious parties with access to a device can assign themselves more privileges. An attacker could use it to infect a system and run malware.
Today, Microsoft is solving the zero-day, which according to the company had been found by researchers from Kaspersky Lab. A Kaspersky spokesperson confronts ZDNet with the fact that the zero-day was exploited by various espionage groups. The zero-day was used to increase privileges on 32-bit versions of Windows 7. Last month, Microsoft also closed a similar vulnerability, which had also been found by Kaspersky researchers.
Another zero-day that was unveiled at the end of October has not yet been resolved. Last month there was a vulnerability that affected the Windows Data Sharing Service. Unfortunately there wasn’t enough time to make a patch, test it and then roll it out. The researcher who found the vulnerability did not give Microsoft time to look at it before it was revealed.