Microsoft Windows continues to be plagued by vulnerabilities, while Linux and macOS are enjoying calmer waters. A week ahead of Christmas, Microsoft is patching 39 vulnerabilities in Windows. Out of these, 10 are critical and one is a publicly known zero-day security hole. According to Kaspersky Lab, “This is the third consecutive exploited Local Privilege Escalation vulnerability in Windows we discovered this autumn using our technologies.”

Kaspersky Lab said that unlike the previously reported vulnerabilities in win32k.sys , this one is a dangerous threat – a vulnerability in the Kernel Transaction Manager driver. “It can also be used to escape the sandbox in modern web browsers, including Chrome and Edge, since syscall filtering mitigations do not apply to ntoskrnl.exe system calls,” said Kaspersky.

Kaspersky Lab believes that this exploit is used by bad actors, including FruityArmor and SandCat.

Despite Microsoft’s efforts, Windows remains its Achilles heel, and it’s not just vulnerabilities in the OS. At times, Windows updates also break systems, including deleting user data.