Windows security warning: new exploit is targeting versions 8 to 10


Microsoft sent out a patch on Tuesday which sought to fixe two actively-exploited Windows zero-day vulnerabilities. The first which targeted Windows 7 users was brought to public attention last week by Google security engineer, Clement Lecigne. He warned that the zero-day vulnerability could be used together with a Chrome exploit to take over Windows systems and advised people to upgrade to Windows 10.

The second flaw was found by Kaspersky Lab saying they have detected a new exploited vulnerability in Windows, which it believes has been used in targeted attacks by at least two threat actors.

The exploit targets Windows 8 and Windows 10, using a vulnerability in Microsoft Windows’ graphic subsystem to achieve local privilege escalation. This provides the attacker with full control over a victim’s computer.

The exploited vulnerability was detected by Kaspersky Lab’s Automatic Exploit Prevention technology.