Hacking NewsSecurity Vulnerability

Microsoft Patches exploit zero-day

zero-day vulnerability CVE-2018-8589

Microsoft Patches exploit zero-day

 

 

Microsoft Patches exploit zero-day Tuesday updates for November 2018 address more than 60 vulnerability CVE-2018-8589, including zero-days and publicly disclosed flaws.

 

CVE-2018-8589 is a race condition present in win32k!xxxMoveWindow due to improper locking of messages sent synchronously between threads.

 

The explo iCVE-2018-8589t populates lParam with pointers to the shellcode and after being successfully copyied to kernel inside win32k!SfnINOUTNCCALCSIZE, the kernel jumps to the user level. The exploit found in the wild only targeted 32-bit versions of Windows 7.

Nearly a dozen of the vulnerabilities patched this month are critical, including several memory corruption bugs affecting Internet Explorer and Edge, and remote code execution flaws in the Windows Deployment Services TFTP server, graphics components, and the VBScript engine.

Source : A new exploit for zero-day vulnerability CVE-2018-8589

 

Anti-DDOS – Anti DDOS Bash Script

Best 10 Cybersecurity Books

Tags

Ahmed Ferdoss

at the morning I'm a Political Science men and at night I'm a Ethical Hacker that's it all .. !!

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close