Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total of 39 vulnerabilities in its Windows operating systems and applications, 10 of which are rated critical and the rest important in severity.
One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being actively exploited in the wild by multiple hacking groups, including FruityArmor and SandCat APTs.
Discovered and reported by security researchers at Kaspersky, the zero-day attack exploits an elevation-of-privilege (EoP) bug in the Windows kernel (ntoskrnl.exe) that could allow a malicious program already running on a targeted system to execute arbitrary code with higher privileges.
The vulnerability, tracked as CVE-2018-8611 and rated important in severity, resides in the Kernel Transaction Manager and is caused by improper processing of transacted file operations in kernel mode.
The flaw affects almost all supported versions of Windows, from Windows 7 through Windows Server 2019.
“This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox,” Kaspersky said.
“Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers.”
This is the third consecutive month in which Microsoft has patched an actively exploited Windows elevation-of-privilege zero-day through its regular monthly update; the October and November fixes addressed Win32k bugs, whereas this month's flaw lies in the Kernel Transaction Manager.
Another important bug is a publicly known vulnerability, tracked as CVE-2018-8517, a denial-of-service issue in web applications built on the .NET Framework that stems from improper handling of specially crafted web requests.
“The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application,” Microsoft explains.
The flaw was publicly disclosed, but Microsoft found no evidence of active exploitation of this vulnerability.
Counting the zero-day and the publicly known bug, the 39 fixes cover 10 critical and 29 important vulnerabilities across a range of products, including Windows, Edge, Internet Explorer, ChakraCore, Office and Microsoft Office Services and Web Apps, and the .NET Framework.
Besides its own products, Microsoft's December 2018 Patch Tuesday also includes a security update for a recently disclosed zero-day flaw in Adobe Flash Player, which was also being actively exploited by a state-sponsored cyber-espionage group.
Users and system administrators are strongly advised to apply the latest security patches as soon as possible to prevent attackers from taking control of their systems.
To install the latest security updates, go to Settings → Update & Security → Windows Update → Check for updates, or install the updates manually.
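As an added example (not code from the article or from Microsoft), the same check-and-install step can be driven from an elevated PowerShell prompt, which is more practical than the Settings page when you need to confirm on several machines that this month's fixes have actually landed and that the kernel update has been activated by a reboot. It assumes the host can reach Windows Update or a WSUS server and that 2018-12-11, the second Tuesday of December 2018, is the date from which installed hotfixes should be listed; the script name, the `$Since` parameter and the `-Install` switch are names chosen for this example.

```powershell
# Added example, not from the article: list hotfixes installed since this Patch Tuesday,
# enumerate what Windows Update still considers missing, and optionally install it.
# Assumptions: elevated PowerShell on a Windows host that can reach Windows Update/WSUS;
# 2018-12-11 is the second Tuesday of December 2018 (the release date referred to above).
param(
    [datetime]$Since = '2018-12-11',   # assumed Patch Tuesday date; override on later runs
    [switch]$Install                   # without this the script only reports
)

# 1. What has already landed? Get-HotFix reads the same data as "View update history".
Write-Host "Updates installed on or after $($Since.ToShortDateString()):"
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
    Sort-Object InstalledOn |
    Format-Table HotFixID, Description, InstalledOn -AutoSize

# 2. What is still missing? Ask the Windows Update Agent COM API directly.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates

if ($pending.Count -eq 0) {
    Write-Host "No pending software updates; the host is current with what Windows Update offers."
    return
}

Write-Host "Pending updates:"
foreach ($u in $pending) {
    $kbs = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
    '{0,-12} {1,-10} {2}' -f $kbs, $u.MsrcSeverity, $u.Title
}

if (-not $Install) {
    Write-Host "Re-run with -Install to download and install these updates."
    return
}

# 3. Download, install and report whether a reboot is needed: a kernel fix such as the
#    one for CVE-2018-8611 is not in effect until the machine restarts.
$coll = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($u in $pending) { [void]$coll.Add($u) }

$downloader = $session.CreateUpdateDownloader()
$downloader.Updates = $coll
[void]$downloader.Download()

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $coll
$result = $installer.Install()

# OperationResultCode: 2 = Succeeded, 3 = Succeeded with errors, 4 = Failed, 5 = Aborted.
Write-Host ("Install result code: {0}; reboot required: {1}" -f $result.ResultCode, $result.RebootRequired)
if ($result.RebootRequired) { Write-Host "Restart the machine to activate the kernel update." }
```

Run it as `.\Check-PatchTuesday.ps1` to report only, or `.\Check-PatchTuesday.ps1 -Install` from an elevated prompt to install whatever is pending. The search in step 2 works without elevation, but downloading and installing does not, and the reboot flag at the end is the part worth checking: an EoP fix in the kernel that has been installed but not yet activated by a restart leaves the machine as exposed as before.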