In the latest Cumulative Update, Microsoft has patched a vulnerability in Windows 10 discovered and reported by Kaspersky in August 2018 which was being used in very targetted attacks in the middle east. Microsoft writes: CVE-2018-8453| Win32k Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Windows when the Win32k component fails to…
In the latest Cumulative Update, Microsoft has patched a vulnerability in Windows 10 discovered and reported by Kaspersky in August 2018 which was being used in very targetted attacks in the middle east.
Microsoft writes:
CVE-2018-8453| Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Kaspersky believes the exploit was being used by hacker group FruityArmor and notes that the “ code of the exploit is of high quality and written with the aim of reliably exploiting as many different MS Windows builds as possible, including MS Windows 1 0 RS4.”
Kaspersky Lab says they detected the exploit proactively through the following technologies:
With only a few known victims in the middle east with a high-quality exploit it seems likely that the attacks are state-sponsored, but Kaspersky notes that the number of victims are too few to know for sure what the common pattern is.
Read all the details at Kaspersky here .