Attackers used now-patched Windows vulnerability in attacks in Middle East




According to security company Kaspersky Lab, an APT group used a now-fixed Windows vulnerability in targeted attacks in the Middle East. Microsoft patched the vulnerability along with 48 others in its latest Patch Tuesday.

In its analysis of the vulnerability, tracked as CVE-2018-8453, Kaspersky writes that it was used by a group the company calls FruityArmor. This is reportedly the second time the group has used a zero-day vulnerability. So far, the campaign is said to be 'extremely targeted', with a small number of targets in the Middle East. The security company attributes the attacks to the group based on a previously used backdoor, which is said to be used exclusively by FruityArmor, and on overlap between the current and earlier command-and-control infrastructure.

Microsoft fixed the vulnerability in its monthly update round, known as Patch Tuesday. The company writes that the vulnerability is being actively exploited and thanks Kaspersky for discovering it. The vulnerability is present in the win32k.sys driver and, according to Microsoft, allows an attacker to obtain elevated rights on a vulnerable Windows system through privilege escalation. Windows 10 is among the affected versions. According to Kaspersky, the vulnerability was used in malware to obtain the necessary rights and to persist on an infected system.

In its monthly patch round, Microsoft fixed a total of 49 vulnerabilities, 12 of them critical. Trend Micro's Zero Day Initiative, among others, provides an overview. It lists three vulnerabilities that were publicly known before a patch became available: CVE-2018-8423, CVE-2018-8497 and CVE-2018-8431.

