Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft Patches Windows Zero-Day Exploited by ‘FruityArmor’ Group

Microsoft’s Patch Tuesday updates for October 2018 resolve nearly 50 vulnerabilities, including a Windows zero-day flaw exploited by an advanced persistent threat (APT) actor known as FruityArmor.

Microsoft’s Patch Tuesday updates for October 2018 resolve nearly 50 vulnerabilities, including a Windows zero-day flaw exploited by an advanced persistent threat (APT) actor known as FruityArmor.

The zero-day, tracked as CVE-2018-8453, has been described by Microsoft as a privilege escalation issue related to how the Win32k component of Windows handles objects in memory. The company says an authenticated attacker can exploit the security hole to elevate privileges and take control of the affected system.

According to Microsoft, the vulnerability has been actively exploited against older versions of Windows, but exploitation may also be possible on the latest versions of the operating system.

The flaw was reported to Microsoft by Kaspersky Lab, whose experts noticed the attacks exploiting CVE-2018-8453. Kaspersky will publish a detailed technical report on Wednesday, but the company told SecurityWeek that the vulnerability has been exploited by the FruityArmor group in a highly targeted campaign.

Interestingly, Microsoft’s Patch Tuesday updates for October 2016 also addressed a Windows zero-day exploited by FruityArmor. That attack was also first observed by Kaspersky Lab.

Microsoft’s latest updates also fix three vulnerabilities that were publicly disclosed before patches were made available, including a JET Database Engine issue for which an unofficial patch was released by 0patch.

The other disclosed flaws are a privilege escalation bug affecting the Windows kernel, and a remote code execution weakness impacting Azure IoT.

A dozen of the vulnerabilities addressed this month are critical. They impact Internet Explorer, Edge, Hyper-V, and XML Core Services.

One of the patches addresses CVE-2010-2190. This vulnerability was first resolved in 2010, but Exchange Server was not identified as one of the affected products at the time.

“This vulnerability affects all installations of Exchange Server. If you are running any version of Exchange server released prior to Exchange Server 2016 Cumulative Update 11 (as of this publishing, Cumulative Update 10 is the most recent cumulative update for Exchange 2016), the Visual Studio 2010 updates in MS11-025 should be applied to your Exchange Server,” Microsoft explained in its advisory.

The remaining vulnerabilities have been classified as “important” – and a couple as “moderate” and “low” – and they impact Windows, SharePoint, Office, Edge, and SQL Server Management Studio.

“There was a total of 49 CVEs addressed across the portfolio,” commented Chris Goettl, director of product management and security for Ivanti. “As expected, the majority, 33 were fixed in Windows 10, Edge, and the associated Server versions. Also, please note that there was an update for Server 2019 which was made generally available last week. Microsoft continued the trend from last month where they introduced both a monthly rollup and a security-only release for Server 2008. Prior to that there was only a single security update. Updates were released for all supported versions of Exchange Server and Sharepoint Server this month as well.”

Related: Microsoft Patches Zero-Day Flaws in Windows, Internet Explorer

Related: Microsoft Patches Windows Zero-Day Disclosed via Twitter

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.