December's Patch Tuesday from Microsoft has fixed a total of 39 bug fixes, including a zero-day security flaw that is already being exploited in the wild by hacking groups.
This vulnerability in kernel image ntoskrnl.exe was reported to Microsoft on 29th October by Kaspersky.
It is listed as CVE-2018-8611 and classified as 'important'. A local privilege escalation bug, Kaspersky researchers say it has already been exploited by hacking groups with the monikers FruityArmor and SandCat.
"CVE-2018-8611 is an especially dangerous threat - a vulnerability in the Kernel Transaction Manager driver. It can also be used to escape the sandbox in modern web browsers, including Chrome and Edge, since syscall filtering mitigations do not apply to ntoskrnl.exe system calls," the company says.
Kasperky continues: "This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox. Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers."
All versions of Windows from Windows 7 to Server 2019 are affected by the bug. Microsoft has released a Patch Tuesday service update to mitigate the issue. The zero-day is the fourth such vulnerability to be patched by Microsoft in recent weeks.
Another Windows flaw is also fixed in the update. CVE-2018-8517, is a remote execution bug which could allow an attacker to execute a DoS attack by issuing certain commands to the .Net framework.
The update also includes patches for critical Adobe Flash Player remote code execution vulnerabilities CVE-2018-15982 and CVE-2018-15983 which were also being exploited in the wild.
In addition to the zero-day and ten other issues, the update fixes 29 vulnerabilities affecting Windows, Edge, Internet Explorer, ChackraCore, Office and Microsoft Office Services and Web Apps, .NET and other Microsoft products.
Warming was most pronounced in Siberia region
The tank will be subjected to high stresses and loads via dozens of hydraulic cylinders during testing
'Sunlit wet sidewalk' provides evidence of methane rainfall on the north pole of Saturn's moon Titan
Methane rainfall indicates the start of the summer season in Titan's northern hemisphere
Scientists believe there could be other hydrides or superhydrides with super conducting properties