
Microsoft Patches Windows 10 Zero-Day Vulnerability

A zero-day vulnerability in Windows 10, first reported by Kaspersky in August, has been patched by Microsoft this week.


Much of Microsoft's week has been consumed by the flawed release of the October 2018 Update. The company was forced to pull the update because the release was deleting personal files. However, Microsoft has also been addressing other issues with Windows 10, namely a vulnerability.

In a Cumulative Update this week, Microsoft dealt with a Windows 10 vulnerability first reported by Kaspersky in August. The Russian security firm said the flaw was being exploited for targeted attacks in the Middle East.

In its release notes this week, Microsoft explains the Win32k Elevation of Privilege Vulnerability (CVE-2018-8453) and the update to patch it:

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.”

Exploit

Kaspersky has said the vulnerability has been exposed by FruityArmor, a hacking group. The company says the “code of the exploit is of high quality and written with the aim of reliably exploiting as many different MS Windows builds as possible, including MS Windows 10 RS4.”

In recent years, the relationship between Microsoft and Kaspersky has been troubled. The company accused Microsoft of monopolizing anti-virus by limiting third parties in Windows 10. Kaspersky contacted Microsoft and was willing to work towards finding a solution. That dialogue did not materialize, so Kaspersky filed an antitrust complaint against Microsoft in Europe.

Microsoft finally relented and made the required changes to Windows 10 to reach a settlement.

Source: Microsoft
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
