CVE-2018-8611 Used in Malware Attacks Shortly After Microsoft Patched It

CVE-2018-8611 is one of the vulnerabilities addressed in December 2018’s Patch Tuesday. The flaw is a kernel zero-day which was just patched but appears to be exploited by several threat actors, Kaspersky Lab researchers report.




CVE-2018-8611 Kernel Zero-Day Bug Recently Exploited in Attacks

More specifically, CVE-2018-8611 is a privilege escalation vulnerability which is caused by the failure of the Windows kernel to properly handle objects in memory. And as explained in Microsoft’s advisory, an attacker who successfully exploited the flaw could run arbitrary code in kernel mode. Kaspersky Lab researchers were the first to detect the zero-day, and they were the ones who reported it to Microsoft and detected the active malicious campaigns exploiting the flaw.

“Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat”, Kaspersky researchers said. The zero-day was caught in action with the help of a behavioral detection engine and an advanced sandboxing anti-malware engine.

The thing with this vulnerability is that it successfully bypasses modern process mitigation policies, such as Win32k System call Filtering used in the Microsoft Edge Sandbox and the Win32k Lockdown Policy used in the Google Chrome Sandbox, among others. Combined with a compromised renderer process, for example, this vulnerability can lead to a full Remote Command Execution exploit chain in the latest state-of-the-art web-browsers, the researchers noted.

According to Kaspersky, the vulnerability was used in attacks against targets in the Middle East and Africa. The researchers also believe that there are some connections to the security flaw patched by Microsoft a couple of months ago, CVE-2018-8589. That vulnerability was called “Alice” by malware developers, and CVE-2018-8611 was dubbed “Jasmine.”

The CVE-2018-8589 vulnerability, which was classified as an elevation of privilege, affects the Windows Win32k component. It is crucial to note that threat actors first need to infect the system prior to exploiting CVE-2018-8589 to gain elevated privileges.

Milena Dimitrova