Microsoft released several year-end December, security updates to patch a total of 39 vulnerabilities in its Windows operating systems and applications—10 of which they rated as critical including (CVE-2018-8611.)
The flaw affects almost all versions of Windows operating system—Windows 7 through Server 2019.
The exploit originally discovered and reported by security researchers at Kaspersky, allows for a zero-day attack exploitation of elevation of privilege (EoP) bug in the Windows Kernel (ntoskrnl.exe.) Exploiting the Windows Kernel could then allow malicious programs to execute their own subjective code with higher privileges on any targeted vulnerable systems.
“This vulnerability successfully bypasses modern process mitigation policies, such as Win32k System call Filtering that is used, among others, in the Microsoft Edge Sandbox and the Win32k Lockdown Policy employed in the Google Chrome Sandbox,” Kaspersky said.
“Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers.”
Another important publicly known vulnerability known as CVE-2018-8517, which is a denial-of-service bug in web applications was also fixed in the update.
“The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application,” Microsoft explains.
Microsoft also patched 10 critical and 29 important vulnerabilities affecting a range of its products, including — Windows, Edge, Internet Explorer, ChackraCore, Office, Microsoft Office Services and Web Apps, and the .NET Framework responsible for a number of applications.
Users and system administrators alike are strongly recommended to apply the latest security patches as prompted to update, to not risk becoming a slave for a hacker’s botnet. Unless of course, you want to opt for being a target of a hacker or group of hackers.
Then by all means, please keep your system software outdated with these vulnerabilities present including the Kernal bug. Which hackers are going to have a field day with that bug present, just remember you the reader are responsible for all your actions with this information and this is just security education.
For installing the latest security patch updates, go to Settings → Update and Security → Windows Update → then Check for updates, on your computer system or you can install the updates manually.