Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Intel Core i5 11400F processor review
Corsair Vengeance RGB Pro SL 3600 MHz 32GB review
ASRock Z590 Extreme review
Gigabyte Radeon RX 6700 XT Gaming OC review
Corsair K70 RGB TKL keyboard review
Corsair RM650x (2021) power supply review
be quiet! Silent Loop 2 280mm review
Corsair K55 RGB PRO XT keyboard review
Guru3D Rig of the Month - March 2021
Intel Core i9-11900K processor review

New Downloads
Intel HD graphics Driver Download Version: DCH 27.20.100.9466
CPU-Z download v1.96
GeForce 466.11 WHQL driver download
Guru3D RTSS Rivatuner Statistics Server Download 7.3.2 Beta 2
MSI Afterburner 4.6.4 Beta 2 Download
HWiNFO Download v7.02
Corsair Utility Engine Download (iCUE) Download v4.9.350
Quake II RTX Download 1.5.0
GeForce 465.89 WHQL driver download
AIDA64 Download Version 6.33


New Forum Topics
4790K+960 SLI Windows XP Retrogaming build Codemasters F1 2021 gets co-op and Raytracing GeForce 466.11 WHQL driver download & discussion Windows power plan settings explorer utility Confirmed: GeForce RTX 3080 Ti with 12GB Gets Spotted in Transit Review: Intel Core i5 11400F processor RTSS and NV V3 frame rate limiter = artifacts, flicker? Fix game stutter on Win 10 1703-1809 NVIDIA to replace RTX 3060 GPU with GA106-302 chip to suppress ETH mining Any harm in enabling "Resizable Bar" in the BIOS if your GPU doesn't support it yet?




Guru3D.com » News » Microsoft patches actively exploited leak and 61 other vulnerabilities

Microsoft patches actively exploited leak and 61 other vulnerabilities

by Hilbert Hagedoorn on: 11/15/2018 09:50 AM | source: myce | 0 comment(s)
Microsoft patches actively exploited leak and 61 other vulnerabilities

Last Tuesday Microsoft rolled out a new series of patches, one of them was an actively exploited leak in Windows, an attacker with access to the system could elevate his privileges. In total, Microsoft patched 62 vulnerabilities.

The actively exploited leak was discovered and reported to Microsoft by antivirus vendor Kaspersky Lab on the 17th of October. Reports myce:

“The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system,” Kaspersky Lab explains in a blog post. However, the vulnerability itself was not sufficient to compromise a system, in order to do that, the attacker already had to be able to access the system. An undisclosed number of users in the Middle-East became victim of the attack:

Microsoft also reports it has fixed a vulnerability in the Windows Advanced Local Procedure Call (ALPC). Details about the leak were already disclosed before the patch became available. The leak allowed an attacker to elevate privileges on an already compromised system. There are no indications that the vulnerability has been exploited ‘in the wild’.

Besides that, Microsoft also patched several vulnerabilities in Outlook. These allowed an attacker to execute arbitrary code on a system through a specially crafted RWZ file. In the worst case, the attacker could get full control over the system. To perform the attack, it was required that a victim opened the malicious RWZ file in Outlook.

Another vulnerability was patched in Windows Search, this leak allowed an attacker to take full control over the system. For the attack to succeed, the attacker had to send a specially crafted message to the Windows search service. This message could be sent either remotely or through local access, for the latter the user had to be authenticated.

All patches that are part of this November’s Patch Tuesday are automatically installed on most systems.







« ADATA Now Offers SU630 3D QLC NAND SSD · Microsoft patches actively exploited leak and 61 other vulnerabilities · Intel processor shortages to continue into 2Q19 says ASUS »

Related Stories

Microsoft acquires Obsidian and inXile - 11/12/2018 09:40 AM
Microsoft has announced that it has acquired Fallout: New Vegas and Pillars of Eternity developer Obsidian Entertainment, as well as Wasteland and The Bard’s Tale developer inXile ...

New Microsoft Bug Invalidates Windows 10 Pro Licenses - 11/09/2018 10:35 AM
A new week, a new Windows 10 bug. As it seems there is an issue specific towards Windows 10 Pro license holders, for a number of people the license deactivates itself rendering the Windows 10 build u...

Microsoft patches 50 vulnerabilities incl a Zero Day Issue - 10/11/2018 09:00 AM
It was patch Tuesday yesterday and if you have not done so, you should grab that update alright as Microsoft addressed 50 vulnerabilities including a zero-day vulnerability....

Microsoft resolves issue with Windows 10 disappearing files - 10/10/2018 08:37 AM
The new Windows 10 October update no longer removes files by accident. Microsoft says it has solved the problem, and that it wants to help users get their files back....

Microsoft can recover lost files Windows 10 October 2018 Update - But You Need To Call Them - 10/09/2018 08:40 AM
Wowzers, so remember the news-item we wrote a couple of days ago, Micsofot halting the Fall update due to people losing files and documents? Well, the good news is that the files can be recovered, h...


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021