In its latest list of security updates, Microsoft announced, among other things, that it had fixed a Windows 10 zero-day vulnerability discovered by cybersecurity researchers. This vulnerability would have benefited many hackers.
November 13th, 2018, it was the second Tuesday of the month. And the second Tuesday of the month is known as Patch Tuesday, the day when Microsoft unveils its latest security patches for its software. In this newest edition, the firm has fixed a zero-day vulnerability, revealed by the IT security researchers at Kaspersky Lab, a company specializing in computer security.
The Windows 10 zero-day vulnerability would have been actively exploited
The flaw identified concerned the win32k.sys file and could allow malicious users to use it to increase their privileges on 32-bit Windows 7 systems. But for that, according to Microsoft, it was still necessary to be able to install malware on the targeted computers. A difficulty that did not frighten the hackers, since, according to Kaspersky Lab teams, this Windows 10 zero-day vulnerability was already widely exploited by many cybercriminals. It was called Advanced Persistent Threat (APT).
This announcement comes after the fix of another zero-day vulnerability, made in the October Patch Tuesday. The latter was related to win32.sys and had been spotted by Kaspersky Lab, also.
Microsoft has not yet fixed another zero-day vulnerability, though
On the other hand, it seems that Microsoft did not have time to implement another zero-day vulnerability in Windows 10, affecting Windows Data Sharing Service (dssvc.dll). Revealed a few weeks ago, this security flaw can allow a third party to recover data from an SSD disk, bypassing BitLocker’s data encryption, without any passwords required.
Microsoft did provide some tips to its users, however, on how to configure BitLocker to stay protected. In the meantime, Microsoft fixed a severe zero-day vulnerability with its November Patch Tuesday while we already look forward to the future security patch, which should appear on the second Tuesday of December.