Is Copilot the best AI companion out there? Help us find out by answering a couple of quick questions!
On Monday, Microsoft provided details on how they collaborated with ESET and Adobe security researchers to find and neutralize a double zero-day exploit before an attacker had a chance to use it. This particular exploit affected both Adobe products (Acrobat and Reader) and Microsoft products (Windows 7 and Windows Server 2008).
The first exploit attacks the Adobe JavaScript engine to run shellcode in the context of that module. The second exploit, which does not affect modern platforms like Windows 10, allows the shellcode to escape Adobe Reader sandbox and run with elevated privileges from Windows kernel memory.
Microsoft and Adobe have already released security updates for these exploits, you can learn more about them from the links below.
- CVE-2018-4990 | Security updates available for Adobe Acrobat and Reader | APSB18-09
- CVE-2018-8120 | Win32k Elevation of Privilege Vulnerability
If you are interested in learning more about the exploit process, hit the source link below.
Source: Microsoft