As promised earlier, Microsoft has rolled out a security patch to resolve a flaw in Windows that was considered quite serious and was being actively exploited by attackers.
As a Microsoft security bulletin explains, this security update resolves vulnerabilities in the Microsoft Windows operating system. "The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system," the bulletin notes.
The company has rated this security update as "important" and says it addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
The company has listed the software versions or editions affected by the vulnerability. The versions that are not in the list are either past their support life cycle or not affected.
The patch has been released as part of Microsoft's monthly security patches, known as Patch Tuesday, reports ZDNet.
Google reported the zero-day vulnerability, which is a publicly disclosed security flaw, to Microsoft on 21 October.
By exploiting the flaw, attackers would be able to run programs, delete data, and create new accounts with user rights and then take control of the affected system.
Terry Myerson, executive vice president of Windows and Devices Group, said the Russian hacker group Strontium has conducted a low-volume spear-phishing campaign. But he said Google's decision to disclose the vulnerabilities before patches are available is "disappointing" and puts "customers at increased risk".
To address the vulnerability, Microsoft recommends that users upgrade to Windows 10. "Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild," said Myerson.
Along with the major fix, Microsoft has fixed six critical flaws, including a vulnerability affecting all versions of Windows. It has also released eight important updates, including cumulative updates for the Internet Explorer and Edge browsers.