Microsoft Patches Nine Bugs

December 12, 2018

A zero-day vulnerability targeting older Windows operating systems has been addressed along with nine critical vulnerabilities. CVE-2018-8611 is an elevation-of-privilege (EoP) bug that attacks Windows 7. Its CVSS rating is seven, which is high in severity. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” said Microsoft. For this to happen, the attacker would have to get into the system and run an application that would take control. The nine vulnerabilities affect Microsoft products such as Internet Explorer, Edge, ChakraCore, and Office. Five of the nine are linked to the Chakra scripting engine, which is Microsoft’s Java engine. These are memory-corruption flaws that inject arbitrary code, which would eventually lead to a system takeover. The 39 bugs that have been patched is a surprisingly low number for a whole month.

Analyst Notes

If users’ systems are affected by these bugs, it is important that they update them immediately. Keep up with Microsoft, because new bugs and vulnerabilities arise each day, so there will be more to patch and update as time goes on.