A high-severity Windows driver bug is being exploited in the wild as a zero-day. It allows local privilege escalation and sandbox escape. Google Project Zero disclosed the bug before a patch becomes available from Microsoft. Microsoft is expected to fix the bug on its next Patch Tuesday update, on Nov. 10. Researchers say the attacks are targeted and unrelated to any U.S. election-related targeting. The bug appears to affect Windows versions going back to Windows 7, according to researchers.
Source: https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/