A publicly disclosed Windows zero-day vulnerability could allow attackers to take full control of systems once they compromise a low-privilege account. Here's a fix.
Microsoft has left two publicly known vulnerabilities unpatched in Windows this month, but researchers have stepped in and created temporary patches that can be easily applied to protect systems until an official fix becomes available.
During the last two weeks of December, a security enthusiast who uses the online handle SandboxEscaper released details and proof-of-concept exploit code for two privilege escalation vulnerabilities in Windows. Researchers from ACROS Security have released a temporary "micropatch" for one of them through 0patch, a service that provides in-memory binary patching for zero-day flaws, and they are currently testing a patch for the secondary issue as well.