CVE-2018-8453: Microsoft Windows Zero-Day Vulnerability Used in Attacks Worldwide

Security experts discovered a zero-day vulnerability affecting Microsoft Windows that is being used by hackers to launch targeted attacks. It is tracked in the CVE-2018-8453 advisory, which describes it as a weakness in a Win32 driver file. Microsoft has addressed the issue by releasing a security update.

The New Microsoft Windows Zero-day Vulnerability Is Tracked in CVE-2018-8453

A new Microsoft Windows zero-day vulnerability has been discovered by security experts. The bug was found during an intrusion alert scan showing that a criminal collective attempted to infiltrate target networks using an unknown exploit. During the investigation it was discovered that the new intrusion mechanism relied on a bug in the Microsoft Windows operating system.

The analysis indicates that the bug appears to be in win32k.sys, the Win32 driver file, which is one of the main libraries used by Windows. The description posted by Microsoft reads as follows:

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The available information about the bug shows that by exploiting the weakness the hackers can install malicious code as a persistent threat. This allows the code to run every time the computer is started, and it may also interact with system processes and third-party applications. The end goal is to allow the hackers to take over control of (Read more…)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Martin Beltov. Read the original post at: