Windows 10 News and info | Forum
Author Topic: Microsoft patches zero-day Windows 10 exploit being used for targeted attacks
javajolt
« on: October 11, 2018, 12:06:55 PM »

In the latest Cumulative Update, Microsoft has patched a vulnerability in Windows 10, discovered and reported by Kaspersky in August 2018, which was being used in very targeted attacks in the Middle East.

Microsoft writes:

Quote
CVE-2018-8453 | Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.


Kaspersky believes the exploit was being used by the hacker group FruityArmor and notes that the “code of the exploit is of high quality and written with the aim of reliably exploiting as many different MS Windows builds as possible, including MS Windows 10 RS4.”

Kaspersky Lab says they detected the exploit proactively through the following technologies:

■ Behavioral detection engine and Automatic Exploit Prevention for endpoints

■ Advanced Sandboxing and Anti Malware engine for Kaspersky Anti Targeted Attack Platform (KATA)

With only a few known victims in the Middle East and a high-quality exploit, it seems likely that the attacks are state-sponsored, but Kaspersky notes that the number of victims is too small to know for sure what the common pattern is.

Read all the details at Kaspersky here.

source