As the year comes to a close, updates for both Microsoft and Adobe products and services are still ongoing via Patch Tuesday. This month’s round of updates, which fixes 63 bugs, includes a patch for a zero-day vulnerability that is already being used in malicious attacks. Perhaps the most notable vulnerability addressed this month is CVE-2018-8589, another Win32k Elevation of Privilege Vulnerability that is similar to October’s CVE-2018-8453, which allows an attacker to make use of specially crafted applications to take full control of a targeted machine. Kaspersky Lab researchers confirmed that threat actors are already actively exploiting this bug for their attacks.
REF: https://newsroom.trendmicro.com/blog/security-intelligence/november-patch-tuesday-fixes-another-zero-day-win32k-bug-other-public-vul
沒有留言:
張貼留言