0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues
As part of January Patch Tuesday, Microsoft fixed a dangerous 0-day privilege escalation vulnerability for which a PoC exploit is available online. The vulnerability is already being exploited in attacks by highly skilled hacker groups. The exploit was published by Privacy