
Exploit Void: Zero-Day in Windows Up For Sale for $90,000


How Much Would You Pay for a Windows 0-Day?

Author: Diana Stoykova

An attacker, going by the name BuggiCorp, claims to have found a way to exploit a serious, yet undocumented, vulnerability in every version of Windows from Windows 2000 on up to Microsoft’s flagship Windows 10 operating system, which means this threat can affect over 1.5 billion users.


The bug was offered for the price of $90,000 on a Russian underground hacking forum, and the offer was discovered by security firm Trustwave. The cyber criminal illustrates his claim by posting two YouTube videos, giving detail on the way his exploit bypasses all security features in the newest version of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).

The vulnerability is offered for sale to just one person, who will receive the exploit’s source code, a fully functional demo, the Microsoft Visual Studio 2005 project file, and free future updates for any Windows version the exploit may fail to run on, as explained by Softpedia.

BuggiCorp gave several technical specifications in his forum post. Apart from suggesting the vulnerability is valid for all OS architectures (x86 and x64), he also claims, for example, that it is of the “write-what-where” type, which is a condition where the cybercriminal is able to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

Will Someone Pay for the Zero-Day?

Although the claims are still unverified by cyber security specialists with Microsoft, the exploit is very likely to be real, and the crook could actually make more profit by claiming a bounty reward from Microsoft than by selling to the cyber criminal community. Trustwave believes that even though the zero-day is too expensive, someone will definitely pay for it. Experts claim, however, that it can’t be used to infect computers, but only to give better access, because it is by nature a second-phase exploit, gaining boot persistence.

Microsoft has invested a lot in its bug bounty program and is believed to present high levels of security, although the threats of malware on its systems are becoming more and more challenging. Still, Microsoft is considered to offer some of the best product security on the contemporary market.
