Microsoft patches exploited zero-day
Microsoft's Patch Tuesday updates for November 2018 resolve more than 60 security vulnerabilities, including a zero-day (CVE-2018-8589) and publicly reported bugs.
CVE-2018-8589 is a race condition in win32k!xxxMoveWindow, caused by improper locking of messages sent synchronously between threads.
The CVE-2018-8589 exploit fills lParam with pointers to the shellcode; after lParam has been successfully copied into the kernel inside win32k!SfnINOUTNCCALCSIZE, the kernel passes execution to user level. The exploit was seen in the wild only against 32-bit versions of Windows 7.