+- Red Security (https://redsecurity.info/cc)
+-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1)
+--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4)
+--- Thread: News Microsoft released fixes for over 60 CVEs (/showthread.php?tid=743)
Microsoft released fixes for over 60 CVEs - Mr.Kurd - 09-12-2018
In The Name OF Allah
Al-Salam Alekum
![[Image: ?u=http%3A%2F%2Fwww.moweble.com%2Fconsol...q%3D80&f=1]](https://proxy.duckduckgo.com/iu/?u=http%3A%2F%2Fwww.moweble.com%2Fconsole%2Fwp-content%2Fthemes%2FMagMan%2Ftimthumb.php%3Fsrc%3Dhttp%3A%2F%2Fwww.moweble.com%2Fconsole%2Fwp-content%2Fuploads%2F2013%2F11%2Fmicrosoft-fix-it.jpg%26w%3D720%26h%3D%26zc%3D1%26q%3D80&f=1)
Quote:Microsoft released fixes for over 60 CVEs yesterday as part of its monthly update round, three of which have been publicly disclosed and one which was being actively exploited in the wild.https://www.infosecurity-magazine.com/news/admins-patch-four-publicly
CVE-2018-8440 is an Elevation of Privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) which was disclosed by researcher and Twitter user @SandboxEscaper on August 27.
“It didn't take long for malicious actors to incorporate this into real-world attacks, with users having no recourse until today's patches came out,” explained rapid7 senior security researcher, Greg Wiseman. “Although an attacker would need to convince a user to download and open a specially crafted file to exploit this, if successful, they would be able to gain full system privileges.”
Wa Salam Alekum