Researchers from Trustwave’s SpiderLabs team (a team of ethical hackers, forensic investigators and researchers that helps organizations fight cybercrime, protect data and reduce risk) have uncovered a zero-day exploit for sale on a Russian underground malware forum by the name of Exploit.in. The exploit is claimed to affect every version of Windows from Windows 2000 all the way up to Windows 10. The seller, a user going by “BuggiCorp”, is asking $90,000 for it. The seller claims the flaw lies in the win32k.sys kernel driver and stems from the way Windows handles objects “with certain properties”. He goes on to explain:
“The exploit successfully escapes from ILL/appcontainer (LOW), bypassing (more precisely: doesn’t get affected at all [by]) all existing protection mechanisms such as ASLR, DEP, SMEP, etc. [The zero-day exploit] relies solely on the KERNEL32 and USER32 libraries [DLLs].”
The vulnerability is said to be a Local Privilege Escalation (LPE) bug in Windows. It requires admin access to run malicious code on a system and by itself would not be able to compromise a system, but it would nonetheless be useful in almost any attack scenario as “a very much needed puzzle piece in the overall infection process.”
According to Trustwave, the exploit could also be used to install a rootkit, to steal personal credit card data from a POS system, to gain limited control over web servers, and to install malware.
The seller has provided a video (below) intended to demonstrate that the exploit is genuine. Trustwave has, however, alerted Microsoft to the exploit.