Researchers have discovered a zero-day vulnerability (CVE-2018-8589) within win32k.sys affecting 32-bit versions of Windows 7. The vulnerability was reported to Microsoft on October 17^th and is a privilege escalation vulnerability. It exists due to “improper locking of messages sent synchronously between threads.” If exploited successfully, it could allow an attacker to view or alter data, install programs, or create new user accounts by “running arbitrary code in the context of the local system.” At the time of writing this article, the delivery method remains unknown, however according to researchers, “the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system.” The zero-day is currently being used by at least one APT actor but if an attacker attempts to exploit the zero-day on machines that are up to date with security updates, the system will crash.

read more →

Yesterday, Microsoft released a patch to fix a remote code execution flaw, CVE-2017-11937, in its Malware Protection Engine (MPE).

read more →

A Microsoft Word exploit has been active for 17 years, but only discovered and patched earlier this month.

read more →

A new vulnerability in Microsoft Office has surfaced. The vulnerability is a memory corruption issue that resides in all versions of Microsoft Office that has been released in the past 17 years, which include Microsoft Office 365 and the latest version of Microsoft Windows 10.

read more →

A new unpatched attack method has surfaced that exploits a built-in feature of Microsoft Office.

read more →