Last Tuesday Microsoft rolled out a new series of patches, one of them was an actively exploited leak in Windows, an attacker with access to the system could elevate his privileges. In total, Microsoft patched 62 vulnerabilities.

The actively exploited leak was discovered and reported to Microsoft by antivirus vendor Kaspersky Lab on the 17th of October. Reports myce:

“The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system,” Kaspersky Lab explains in a blog post. However, the vulnerability itself was not sufficient to compromise a system, in order to do that, the attacker already had to be able to access the system. An undisclosed number of users in the Middle-East became victim of the attack:

Microsoft also reports it has fixed a vulnerability in the Windows Advanced Local Procedure Call (ALPC). Details about the leak were already disclosed before the patch became available. The leak allowed an attacker to elevate privileges on an already compromised system. There are no indications that the vulnerability has been exploited ‘in the wild’.

Besides that, Microsoft also patched several vulnerabilities in Outlook. These allowed an attacker to execute arbitrary code on a system through a specially crafted RWZ file. In the worst case, the attacker could get full control over the system. To perform the attack, it was required that a victim opened the malicious RWZ file in Outlook.

Another vulnerability was patched in Windows Search, this leak allowed an attacker to take full control over the system. For the attack to succeed, the attacker had to send a specially crafted message to the Windows search service. This message could be sent either remotely or through local access, for the latter the user had to be authenticated.

All patches that are part of this November’s Patch Tuesday are automatically installed on most systems.

Microsoft patches actively exploited leak and 61 other vulnerabilities