Security firms have begun to peel back the layers on two zero-day vulnerabilities that are being used in limited, targeted attacks against Microsoft s Windows Kernel. The flaws can lead to elevation of privilege attacks if left unpatched. Both vulnerabilities were patched in yesterday’s round of Patch Tuesday security bulletins. The bugs took a backseat of sorts to the news that an APT crew nicknamed Sandworm had been using another Windows zero day, CVE-2014-4114, to leverage tainted Powerpoint documents to deliver Black Energy malware.
Source: https://threatpost.com/two-patched-zero-days-targeting-windows-kernel/108860/