Admins Urged to Patch Four Publicly Disclosed Bugs

Admins Urged to Patch Four Publicly Disclosed Bugs

Microsoft released fixes for over 60 CVEs yesterday as part of its monthly update round, three of which have been publicly disclosed and one which was being actively exploited in the wild.

CVE-2018-8440 is an Elevation of Privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) which was disclosed by researcher and Twitter user @SandboxEscaper on August 27.

“It didn’t take long for malicious actors to incorporate this into real-world attacks, with users having no recourse until today’s patches came out,” explained rapid7 senior security researcher, Greg Wiseman. “Although an attacker would need to convince a user to download and open a specially crafted file to exploit this, if successful, they would be able to gain full system privileges.”

By Phil Muncaster

To read the full article please click here.