Microsoft Patches Zero-Day Under Active Attack by APT

October 10, 2018


A zero-day vulnerability tied to the Window’s Win32k component is under active attack, warns Microsoft.

Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component.

The zero-day (CVE-2018-8453), found by Kaspersky Lab, could allow an adversary to run arbitrary code in kernel mode on targeted systems. “An attacker could then install programs; view, change or delete data; or create new accounts with full user rights,” Microsoft wrote in its patch update. Windows 7, 8.1, 10, and Server 2008, 2012, 2016, and 2019 are affected.

Read More on Threat Post