Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws.
Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today’s patches were made available.
ZERO-DAY EXPLOITED BY MULTIPLE APTS
The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component. Microsoft classified the issue as an “elevation of privilege” vulnerability and says that before an attacker could use this zero-day to gain elevated privileges, they’ll need to find a way to infect a system and run malicious code on it beforehand, using other exploits.
Microsoft credited Kaspersky Lab researchers for discovering this zero-day. A Kaspersky spokesperson told ZDNet that they discovered the zero-day being exploited by multiple cyber-espionage groups (APTs).