A security researcher with Twitter alias SandboxEscaper has released a new zero-day vulnerability affecting Microsoft’s Windows operating system. The vulnerability resides in “MsiAdvertiseProduct” function of Windows that’s responsible for generating “an advertise script or advertises a product to the computer” The vulnerability is an arbitrary file read issue that could allow a low-privileged user or a malicious program to read the content of any file on a targeted Windows computer that otherwise would only be possible via administrator-level privileges.
Source: https://thehackernews.com/2018/12/windows-zero-day-exploit.html