Microsoft patches Windows zero-day used by multiple cyber-espionage groups

Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws.

Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today’s patches were made available.

The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component. Microsoft classified the issue as an “elevation of privilege” vulnerability and says that before an attacker could use this zero-day to gain elevated privileges, they’ll need to find a way to infect a system and run malicious code on it beforehand, using other exploits.

Read more…
Source: ZDNet