On November’s Patch Tuesday, Microsoft patched an elevation of privilege vulnerability (CVE-2016-7255) in MS16-135. It was reported that this vulnerability is being actively exploited by Pawn Storm, APT28, Fancy Bear. This blog is about what is this vulnerability and how does Microsoft fix it. Window, Child Window and CVE-2016-7255 Window plays an important part in Microsoft’s … Continue reading “CVE-2016-7255 Vulnerability Analysis and Patch Diff”