The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-8639, a decade-old Microsoft Windows privilege escalation flaw, to its Known Exploited Vulnerabilities (KEV) catalog amid confirmed active attacks.
First patched by Microsoft in December 2018, this Win32k kernel-mode driver vulnerability enables authenticated local attackers to execute arbitrary code with SYSTEM privileges, granting unfettered control over affected systems.
https://gbhackers.com/microsoft-windows ... erability/