Microsoft patched a zero-day vulnerability that enabled attackers to escalate privileges on targeted systems. The vulnerability, rated important, was part of Microsoft's November Patch Tuesday security bulletin, which included 62 unique vulnerabilities, 12 of which are rated critical. The bug (CVE-2018-8589) is traced to a Windows device driver, Win32k.sys, and could allow an attacker to run arbitrary code in the context of the local system. Kaspersky Lab is credited with discovering the vulnerability. To exploit the vulnerability, the attacker must gain physical access to the target system.
Source: https://threatpost.com/microsoft-patches-zero-day-bug-in-win7-server-2008-and-2008-r2/139073/

