Microsoft patched an actively attacked Windows kernel vulnerability during yesterday’s Patch Tuesday. The vulnerability, for which was no update available until yesterday, allowed an attacker with access to the system to elevate his privileges. Once elevated, the privileges could be used to run a specially crafted application to take control of the system.
In total, 39 vulnerabilities were patched in the last Patch Tuesday of this year. Nine of the vulnerabilities have been classified as critical. The actively attacked vulnerability was discovered by antivirus vendor Kaspersky Lab and reported to Microsoft in October this year. Kaspersky Lab has found that the vulnerability is currently actively exploited by several groups.
The vulnerability allows an attacker to elevate his privileges on an already compromised system and to execute code in kernel mode. It’s also possible to combine the leak with other vulnerabilities which make it possible to perform remote attacks against internet users and, even worse, make it possible to escape the browser sandbox of Chrome and Edge.
Microsoft also patched a vulnerability in the .NET Framework which allowed a denial of service attack. Details about this vulnerability were already disclosed before the patch was released but, according to Microsoft, there have been no attacks exploiting the issue.
Other patched vulnerabilities were in Internet Explorer, Edge, Windows, Office, ChakraCore, Exchange Server and Visual Studio.
On most systems the patches will be automatically installed. They can also be manually downloaded from the Microsoft Update Catalog.