Microsoft addressed nearly 40 vulnerabilities, including an actively exploited zero-day, in its December 2018 Patch Tuesday release.
Several of the issues were rated critical or important and/or dealt with remote code execution flaws in Windows, including one vulnerability that was actively being exploited in the wild.
“One of the most important flaws is a Windows Kernel Elevation of Privilege vulnerability (CVE-2018-8611), which has been exploited in the wild by attackers,” Satnam Narang, senior research engineer at Tenable, told SC Media. “While this vulnerability requires an attacker to have an established presence on the vulnerable system, security teams should prioritize it in their patching cycles.”
Chris Goettl, director of product management, security, for Ivanti, agreed, describing the flaw as an elevation of privilege that enables an attacker to run arbitrary code in kernel mode.
“This vulnerability exists in all currently supported Windows operating systems from Windows 7 to Server 2019,” Goettl said. “Exploitation has been detected on older OSs already, but the Exploitability Index is rated as a 1 for Windows 10 and Server 2019.”
Recorded Future Senior Solutions Architect Allan Liska also warned users of a Heap Overflow vulnerability that an attacker can exploit by sending a specially crafted DNS packet to the vulnerable system.
“If successfully exploited, the attacker could execute arbitrary code,” Liska said. “While most users don’t have to worry about this vulnerability, as they are not exposing DNS services to the internet, large corporations and Internet Service Providers that run public-facing DNS servers should patch immediately.”
Microsoft also addressed issues in its Internet Explorer and Edge browsers, as well as a flaw in PowerPoint, all of which were likely to be exploited by threat actors.