Microsoft releases patch for zero-day in Windows

Yesterday it was Patch Tuesday for Microsoft. The company has solved 62 vulnerabilities in its software this month. Among the fixes there is also a solution for a zero-day vulnerability that was actively exploited. As of today, this is no longer possible with people who update their device.

Microsoft has solved a large number of vulnerabilities. These include critical vulnerabilities, but also slightly less serious problems. Anyway, there are 62 fixes, one of which is very important.

Zero-day solved

The zero-day that is going through life under the name CVE-2018-8589, influenced the Windows Win23k component. Microsoft stated that this is a vulnerability in which malicious parties with access to a device can assign themselves more privileges. An attacker could use it to infect a system and run malware.

Today, Microsoft is solving the zero-day, which according to the company had been found by researchers from Kaspersky Lab. A Kaspersky spokesperson confronts ZDNet with the fact that the zero-day was exploited by various espionage groups. The zero-day was used to increase privileges on 32-bit versions of Windows 7. Last month, Microsoft also closed a similar vulnerability, which had also been found by Kaspersky researchers.

Not solved

Another zero-day that was unveiled at the end of October has not yet been resolved. Last month there was a vulnerability that affected the Windows Data Sharing Service. Unfortunately there wasn’t enough time to make a patch, test it and then roll it out. The researcher who found the vulnerability did not give Microsoft time to look at it before it was revealed.

Other vulnerabilities that Microsoft has solved include Windows, Internet Explorer, Microsoft Edge, the ChakraCore JavaScript engine, .NET Core Framework, Skype for Business and more. Twelve of the vulnerabilities are categorized as critical and needed an immediate solution.