Microsoft has patched an actively exploited vulnerability in Windows as part of this November's Patch Tuesday. Through the vulnerability, an attacker with access to the system could elevate their privileges. In total, Microsoft patched 62 vulnerabilities in Internet Explorer, Edge, Windows, Microsoft Office, ChakraCore, .NET Core, Skype for Business and several other applications.
The actively exploited vulnerability was discovered and reported to Microsoft by the Russian antivirus vendor Kaspersky Lab on the 17th of October.
“The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system,” Kaspersky Lab explains in a blog post. However, the vulnerability on its own was not sufficient to compromise a system: to exploit it, the attacker already had to have access to the system. An undisclosed number of users in the Middle East fell victim to the attack.
Microsoft also reports that it has fixed a vulnerability in the Windows Advanced Local Procedure Call (ALPC). Details about this vulnerability had already been disclosed before the patch became available. It allowed an attacker to elevate privileges on an already compromised system. There are no indications that the vulnerability has been exploited in the wild.
Besides that, Microsoft also patched several vulnerabilities in Outlook. These allowed an attacker to execute arbitrary code on a system through a specially crafted RWZ file. In the worst case, the attacker could gain full control over the system. For the attack to work, a victim had to open the malicious RWZ file in Outlook.
Another vulnerability was patched in Windows Search; it allowed an attacker to take full control over the system. For the attack to succeed, the attacker had to send a specially crafted message to the Windows Search service. This message could be sent either remotely or through local access; in the latter case the user had to be authenticated.
All patches that are part of this November's Patch Tuesday are installed automatically on most systems.