Microsoft Fixes Privilege Escalation 0Day Under Active Attack

Microsoft’s monthly Patch Tuesday came with 49 security fixes and two advisories for Internet Explorer (IE), Microsoft Edge, Windows components, Microsoft Office and Office Services, Exchange, SQL Server, ChakraCore, Hyper-V, and .NET Core.

Twelve of the patched vulnerabilities are deemed Critical, 35 are categorized Important, one is Moderate, and one is considered Low severity. Three were known at the time their patches were released, and one is currently being exploited in active attacks. The bug being abused in attacks is CVE-2018-8453, a Win32k elevation of privilege vulnerability that exists in Windows when the Win32k component doesn’t properly handle objects in memory.

Read more about this month’s Patch Tuesday security fixes on DarkReading.