Microsoft patches zero-day Windows 10 exploit being used for targeted attacks

In the latest Cumulative Update, Microsoft has patched a vulnerability in Windows 10 discovered and reported by Kaspersky in August 2018 which was being used in very targetted attacks in the middle east.

Microsoft writes:

CVE-2018-8453 | Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

Kaspersky believes the exploit was being used by hacker group FruityArmor  and notes that the “code of the exploit is of high quality and written with the aim of reliably exploiting as many different MS Windows builds as possible, including MS Windows 10 RS4.”

Kaspersky Lab says they detected the  exploit proactively through the following technologies:

  • Behavioral detection engine and Automatic Exploit Prevention for endpoints
  • Advanced Sandboxing and Anti Malware engine for Kaspersky Anti Targeted Attack Platform (KATA)

With only a few known victims in the middle east with a high-quality exploit it seems likely that the attacks are state-sponsored, but Kaspersky notes that the number of victims are too few to know for sure what the common pattern is.

Read all the details at Kaspersky here.

Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.

Related
Comments