"Microsoft Fixes Actively Exploited Zero-Day Reported by the NSA" 

Microsoft has released patches for 128 CVE-numbered vulnerabilities. One of the vulnerabilities is a zero-day that has been exploited in the wild. A Proof of Concept (PoC) and a Metasploit module is already available for another vulnerability. The zero-day vulnerability exists in the Windows Common Log File System Driver, which was reported by the National Security Agency (NSA) and researchers at Crowdstrike. According to Dustin Childs, with Trend Micro's Zero Day Initiative, this vulnerability only enables privilege escalation, so it is likely paired with a separate code execution bug. The other flaw for which a Metasploit module is available is also an elevation of privilege (EoP) flaw that affects the Windows User Profile Service. Exploiting this vulnerability requires the attacker to perfectly time their attack to win a race condition, but Microsoft has still rated it as 'Exploitation More Likely.' Another vulnerability that should be patched as soon as possible is a Remote Procedure Call (RPC) Runtime Library Remote Code Execution (RCE) flaw, which was discovered in Microsoft's Server Message Block (SMB) functionality. The SMB protocol is primarily used for file sharing and inter-process communication, including RPCs. RPCs enable one program to request a service or functionality from another program on the network (Internet and/or intranet). An attacker can use the RPC Runtime Library RCE flaw to create a specially-crafted RPC for executing code on the remote server with the same permissions as the RPC service. This article continues to discuss the exploitation and severity of some of the CVE-numbered vulnerabilities recently patched by Microsoft.  

Help Net Security reports "Microsoft Fixes Actively Exploited Zero-Day Reported by the NSA"