Microsoft Patches exploit zero-day
Microsoft Patches exploit zero-day Tuesday updates for November 2018 address more than 60 vulnerability CVE-2018-8589, including zero-days and publicly disclosed flaws.
CVE-2018-8589 is a race condition present in win32k!xxxMoveWindow due to improper locking of messages sent synchronously between threads.
The explo iCVE-2018-8589t populates lParam with pointers to the shellcode and after being successfully copyied to kernel inside win32k!SfnINOUTNCCALCSIZE, the kernel jumps to the user level. The exploit found in the wild only targeted 32-bit versions of Windows 7.