CVE-2018-8589: Another day, another OS vulnerability

From kaspersky.com

A month ago, we wrote about finding an exploit for a vulnerability in Microsoft Windows. It may sound familiar, but our proactive technologies have detected another zero-day exploit, and again, the exploit targets a previously unknown vulnerability in the operating system. This time, only Windows 7 and Windows Server 2008 are at risk.

Developers promptly patched this vulnerability on November 13.

That limitation does not make the threat less dangerous, however. Although Microsoft ended mainstream support of Windows Server 2008 on January 2015 and provided a free upgrade at the launch of Windows 10, not everyone upgraded. Developers are still providing security updates and support for both systems (and should continue to do so until January 14, 2020) because they still have enough clients to warrant the support.

When we detected the exploit, in late October, our experts immediately reported the vulnerability to Microsoft, along with a proof of concept. Developers promptly patched it on November 13.

Read more…