The vulnerability was reported by Kaspersky in August

Oct 11, 2018 08:13 GMT

This month’s Patch Tuesday updates for Windows clients and servers include a fix for a zero-day vulnerability discovered by security vendor Kaspersky and already exploited by malicious actors.

In a technical analysis of the issue, Kaspersky explains that the Win32k component flaw allows for Elevation of Privilege, and says it has observed several attacks, mostly aimed at targets in the Middle East region.

The security flaw exists in the way the Win32k component handles objects in memory, and an attacker who successfully exploits it could get full user rights and take control of a system. However, an attack requires the malicious actor to gain access to the system first and only then deploy a payload, such as a crafted application, to exploit the vulnerability.

Microsoft rated the flaw as Important in severity and confirmed it exists on Windows 7, Windows 8.1, and Windows 10, with all versions of these operating systems being affected. The newly-released Windows 10 version is impacted as well.

Patch, patch, patch

Kaspersky notes that the flaw was reported to Microsoft on August 17 and the October 2018 Patch Tuesday rollout fully resolves it.

“In August 2018 our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft Windows operating system. Further analysis into this case led us to uncover a zero-day vulnerability in win32k.sys,” Kaspersky explains.

“The exploit was executed by the first stage of a malware installer to get necessary privileges for persistence on the victim’s system. The code of the exploit is of high quality and written with the aim of reliably exploiting as many different MS Windows builds as possible, including MS Windows 10 RS4.”

The vulnerability is tracked as CVE-2018-8453 and can be patched by installing the October 2018 security updates released by Microsoft. The number of attacks reported so far is limited, but patching is recommended, especially on systems in the targeted region.