
Security researchers discovered that the CVE-2018-8589 Windows zero-day flaw has been exploited by APT groups to target Middle East organizations

The zero-day vulnerability was discovered by researchers at Kaspersky Lab, who reported it to Microsoft on October 17. Microsoft addressed the flaw in the November 2018 Patch Tuesday security bulletin.

“In October 2018, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft’s Windows operating system. Further analysis revealed a zero-day vulnerability in win32k.sys. The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system,” said the analysis published by Kaspersky Lab.

An attacker could exploit the flaw to run arbitrary code in the security context of the local system. The attacker could then install programs; view, change, or delete data; and create new accounts with full user rights. The attacker needs to be logged in to the system to exploit the vulnerability; by running a specially crafted application, the attacker could take control of the affected system.

According to Kaspersky Lab researchers, the flaw is a race condition in win32k!xxxMoveWindow caused by improper locking of messages sent synchronously between threads.

The researchers said that so far they have detected a limited number of attackers using this vulnerability. All the victims targeted until now were located in the Middle East.
