Patch Tuesday Clears Zero Day

Thursday, December 13, 2018 @ 02:12 PM gHale

Patch Tuesday for Microsoft this month plugged 38 security holes, one of which is an active Zero Day and nine more of which are considered critical.

The Zero Day is a Windows vulnerability known to have been used in attacks. This vulnerability has been assigned the case number CVE-2018-8611 and allows attackers to exploit a bug in the Windows Kernel to execute programs at a higher privilege level.

The vulnerability is caused “when the Windows kernel fails to properly handle objects in memory,” Microsoft said. This allows an attacker to execute code in the kernel, which essentially gives them full control over the computer. In order to exploit this vulnerability, the targeted user would first need to be logged into the PC.

This bug was discovered by Kaspersky, and the Zero Day Initiative also indicated the exploit is probably being used in malware. This type of exploit is well suited for malware, which is already running under a logged-in user’s credentials.

Among the other vulnerabilities is CVE-2018-8611, an elevation of privilege vulnerability that arises when the Windows kernel fails to properly handle objects in memory.

Additionally, CVE-2018-8626, a heap overflow vulnerability in the Windows DNS server, could allow an attacker to execute code in the context of the LocalSystem Account.

Microsoft also addressed issues in its Internet Explorer and Edge browsers, as well as a flaw in PowerPoint, all of which were likely to be exploited by threat actors.
