Microsoft and Adobe Patch 100+ Bugs in December

There’ll be plenty for system administrators to do right up to the end of the year with Microsoft’s latest patch update round featuring fixes for nine critical vulnerabilities including one zero-day bug. The 39 flaws reported by the computing giant on Tuesday paled in comparison to the 87 posted by Adobe and represent a relatively light load, but there are important caveats. The main one is CVE-2018-8611, an elevation-of-privilege (EoP) bug that affects all supported operating systems from Windows 7 to Server 2019, enabling an attacker to run arbitrary code in kernel mode. “To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system,” explained Microsoft. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”