Microsoft has patched a zero-day escalation of privilege bug in Windows after Kaspersky Lab researchers noticed multiple cyber-espionage groups exploiting it. The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component. Microsoft classified the issue as an “elevation of privilege” vulnerability and says that before an attacker could use this zero-day to gain elevated privileges, they’ll need to find a way to infect a system and run malicious code on it beforehand, using other exploits.
Read more about the Windows zero-day which was being exploited by cyber-espionage groups for spying on ZDNet.