Microsoft’s December security update includes fix for 38 vulnerabilities
- One of the security patches was dedicated to fix a Windows zero-day vulnerability (CVE-2018-8611).
- If exploited successfully, the vulnerability could allow attackers to run random code in kernel mode.
Microsoft has released its monthly security patches to fix flaws across a large set of its products. Known as ‘Patch Tuesday Updates’, the security patches have been unleashed to fix a total of 38 vulnerabilities, 9 of which are rated critical.
One of the security patches was dedicated to fix a Windows zero-day vulnerability (CVE-2018-8611) that was exploited in the wild for four consecutive months. The zero-day vulnerability was abused in two cyberespionage operations in November.
The zero-day vulnerability, tracked as CVE-2018-8611, is an escalated privilege vulnerability in the Windows Kernel. According to Microsoft, “ the vulnerability exists when the Windows kernel fails to properly handle objects in memory."
If successfully exploited, the vulnerability could allow attackers to run random code in kernel mode and conduct several other nefarious activities.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said. “To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.”
The flaw was discovered by security researchers Igor Soumenkov and Boris Larin from Kaspersky Lab and it is believed that the threat groups who were responsible for the exploitation of the zero-day vulnerability are also behind the attacks with CVE-2018-8611.
Flash zero-day vulnerability updated
Among the other security fixes, Microsoft also released an update for the Flash zero-day vulnerability that was used by Russian state-backed hackers. The zero-day vulnerability tracked as ADV180031, was used by hackers to carry out attacks against Ukraine, by embedding a malicious Flash Active X object inside a Word document.