Hacking NewsSecurity Vulnerability

Microsoft Patches exploit zero-day

zero-day vulnerability CVE-2018-8589

Microsoft Patches exploit zero-day



Microsoft patches use the zero-day updates for Tuesday of November 2018 to resolve more than 60 security vulnerabilities (CVE-2018-8589), including zero-day updates and publicly reported bugs.

CVE-2018-8589 is a race condition in win32k! XxxMoveWindow because messages sent synchronously between threads are not properly locked.

The iCVE-2018-8589t exploit fills lParam with pointers to the shellcode and after successfully executing win32k! SfnINOUTNCCALCSIZE has been copied to the kernel, the kernel is passed to the user level. The exploit took place in the wild only in 32-bit versions of Windows 7.

Nearly a dozen vulnerabilities that were fixed this month are critical, including multiple memory corruption errors in Internet Explorer and Edge, and remote code execution errors on the Windows Deployment Services TFTP server. Graphics and the VBScript engine.

Source : A new exploit for zero-day vulnerability CVE-2018-8589


Anti-DDOS – Anti DDOS Bash Script

Best 10 Cybersecurity Books


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button