Security experts have discovered a zero-day vulnerability in Microsoft Windows that is being used in targeted attacks. It is tracked as CVE-2018-8453, and the advisory describes it as a weakness in a Win32 driver file. Microsoft has addressed the issue by releasing a security update.
The New Microsoft Windows Zero-day Vulnerability Is Tracked in CVE-2018-8453
A new Microsoft Windows zero-day vulnerability has been discovered by security experts. The bug was found when an intrusion alert showed that a criminal collective had attempted to infiltrate target networks using a previously unknown exploit. The investigation revealed that the new intrusion mechanism relied on a bug in the Microsoft Windows operating system itself.
Analysis places the flaw in one of the core Windows components, win32k.sys, the Win32 kernel driver. Microsoft's description reads as follows:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The available information shows that, by exploiting the weakness, the attackers can install malicious code as a persistent threat: it runs every time the computer starts and can interact with system processes and third-party applications. The end goal is to take full control of the target computer. The exploit is confirmed to work against many of the latest builds of the operating system, including Windows 10 RS4.
Most of the attacks appear to target computer users located in the Middle East, a sign that the exploit is being used in targeted attacks. Microsoft has already released an emergency security update, and all users are urged to run Windows Update as soon as possible.
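Because the fix ships through Windows Update, the practical question for an administrator is whether a given machine has actually received it. The following PowerShell check is an added example and not part of the original article or of Microsoft's advisory; it assumes a KB number for the fixing update, which the article does not give, so the value below is a placeholder to be replaced with the KB listed in Microsoft's CVE-2018-8453 advisory for the relevant Windows build.

```powershell
# Added example (not from the original article): report the win32k.sys version and
# whether the fixing update for CVE-2018-8453 is installed on this host.
# PLACEHOLDER: the article does not state the KB number; take it from the Microsoft
# advisory for your Windows build before running this.
$KbId = 'KB0000000'

# win32k.sys is the component named in the advisory; its file version is what
# changes when the fix is applied.
$win32k      = Get-Item -Path "$env:SystemRoot\System32\win32k.sys"
$fileVersion = $win32k.VersionInfo.FileVersion
$osBuild     = (Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

Write-Output "OS build:           $osBuild"
Write-Output "win32k.sys version: $fileVersion"

# Get-HotFix lists installed updates; no entry for the KB means the fix is missing.
$installed = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
if ($installed) {
    Write-Output "$KbId installed on $($installed.InstalledOn)"
} else {
    Write-Warning "$KbId not found on this host - run Windows Update and re-check"
}
```

Run it in an elevated PowerShell session on each host of interest; the file version line lets you compare machines against a known-patched reference even before the KB number is confirmed.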