[ad_1]
Yesterday was Patch Tuesday for Microsoft. The company has resolved 62 vulnerabilities in its software this month. Among the fixes, there is a solution for an actively exploited "day zero" vulnerability. To date, this is no longer possible for people who update their device.
Microsoft has solved a lot of vulnerabilities. These include critical vulnerabilities, but also slightly less serious problems. Whatever it is, there are 62 patches, one of which is very important.
Zero day resolved
The zero day under the name CVE-2018-8589 affected the Windows Win23k component. . Microsoft argued that it was a vulnerability allowing malicious people with access to a device to self-assign more privileges. An attacker could use it to infect a system and run a malware.
Today, Microsoft is solving the problem of zero day, which, according to the company, was discovered by researchers at Kaspersky Lab. A Kaspersky spokesman told ZDNet that the zero-day was being exploited by various spying groups. The zero day was used to increase the privileges on 32-bit versions of Windows 7. Last month, Microsoft had also closed a similar vulnerability, also discovered by Kaspersky researchers.
Unsolved
Another zero day that was unveiled at the end of October has not yet been resolved. Last month, a vulnerability appeared to affect the Windows data sharing service. Unfortunately, we did not have time to create a fix, test it, and then deploy it. Microsoft can not be blamed for that; the researcher who discovered that the vulnerability did not give Microsoft the time to examine it before it was unveiled.
Other vulnerabilities that Microsoft has addressed include Windows, Internet Explorer, Microsoft Edge, the ChakraCore JavaScript engine, among others. NET Core Framework, Skype for Business, etc. Twelve vulnerabilities are classified as critical and required a direct solution.
Source link
