On Monday, Microsoft provided details on how they collaborated with ESET and Adobe security researchers to find and neutralize a double zero-day exploit before an attacker had a chance to use it. This particular exploit affected both Adobe products (Acrobat and Reader) and Microsoft products (Windows 7 and Windows Server 2008).
The first exploit attacks the Adobe JavaScript engine to run shellcode in the context of that module. The second exploit, which does not affect modern platforms like Windows 10, allows the shellcode to escape Adobe Reader sandbox and run with elevated privileges from Windows kernel memory.
Microsoft and Adobe have already released security updates for these exploits, you can learn more about them from the links below.
►
CVE-2018-4990 | Security updates available for Adobe Acrobat and Reader | APSB18-09►
CVE-2018-8120 | Win32k Elevation of Privilege VulnerabilityIf you are interested in learning more about the exploit process, follow this
link.
source
