Microsoft Fixes Privilege Escalation 0Day Under Active Attack

Microsoft’s monthly Patch Tuesday came with 49 security fixes and two advisories for Internet Explorer (IE), Microsoft Edge, Windows components, Microsoft Office and Office Services, Exchange, SQL Server, ChakraCore, Hyper-V, and .NET Core.

Twelve of the patched vulnerabilities are deemed Critical, 35 are categorized Important, one is Moderate, and one is considered Low severity. Three were known at the time their patches were released, and one is currently being exploited in active attacks. The bug being abused in attacks is CVE-2018-8453, a Win32k elevation of privilege vulnerability that exists in Windows when the Win32k component doesn’t properly handle objects in memory.

Read more about this month’s Patch Tuesday security fixes on DarkReading.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief