Microsoft has patched 50 vulnerabilities during yesterday’s Patch Tuesday. Amongst the issues is a so-called zero-day vulnerability in Windows that has been actively attacked before a patch was available. The zero-day allowed an attacker with access to the system to elevate his privileges and Microsoft has classified its severity as ‘important’.
Kaspersky Lab discovered the zero-day in August this year. According to the antivirus vendor the vulnerability has been used in targeted attacks against less than a dozen targets in the Middle East. Kaspersky Lab reported the vulnerability on the 17th of August to Microsoft, which released a patch yesterday, the 9th of October. The attackers already had access to the system and used the vulnerability to gain privileges that they used to infect the system with persistent malware.
The exploit that made use of the vulnerability, was of high quality and designed to reliable attack several versions of Windows, according to Kaspersky Lab.
Besides the zero-day, also two vulnerabilities were patched of which details were already disclosed. Both vulnerabilities weren’t actively exploited, according to Microsoft. One is a vulnerability in the Microsoft JET Database Engine and the other in the Windows kernel.
Microsoft also fixed a vulnerability that has a CVE number from 2010. CVE numbers are unique numbers assigned to vulnerabilities after they are discovered. The vulnerability from 2010 allows remote code execution in certain applications built using Microsoft Foundation Classes (MFC).
Other vulnerabilities were patched in Internet Explorer, Microsoft Edge, Microsoft Office, Windows, ChakraCore, .NET Core, PowerShell Core, SQL Server Management Studio, Microsoft Exchange server, Azure IoT Edge and Hub Device Client SDK for Azure IoT.
On most systems the patches will be automatically installed.