A zero-day vulnerability affecting older Windows operating systems has been addressed along with nine critical vulnerabilities. CVE-2018-8611 is an elevation-of-privilege (EoP) bug that affects Windows 7. Its CVSS rating is seven, which is high in severity. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” said Microsoft. To do this, the attacker would first have to get into the system and run an application that would take control. The nine critical vulnerabilities affect Microsoft products such as Internet Explorer, Edge, ChakraCore, and Office. Five of the nine are linked to the Chakra scripting engine, which is Microsoft’s JavaScript engine. These are memory-corruption flaws that allow arbitrary code to be injected, which would eventually lead to a system takeover. The 39 bugs that have been patched is a surprisingly low number for a whole month.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is