The zero-day was being actively exploited by Russian hackers (APT28, Fancy Bear, Pawn Storm, Sednit, Tsar Team, and Sofacy).
Vulnerable component: Windows
CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness is due to improper handling of objects in memory by win32k.sys. By issuing a specially crafted NtSetWindowLongPtr() system call for the GWLP_ID index on a window handle whose GWL_STYLE is set to WS_CHILD, a local attacker can execute arbitrary code with SYSTEM privileges.
Successful exploitation of the vulnerability results in privilege escalation.
Note: this vulnerability is being actively exploited in the wild.
Latest references in media:
- Hardening Windows 10 with zero-day exploit mitigations [2017-01-13 22:28:49]
- Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations [2017-05-15 00:10:06]
- Microsoft Patches Zero-Days Exploited by Russia-Linked Hackers [2017-05-10 06:10:23]
- EPS Processing Zero-Days Exploited by Multiple Threat Actors [2017-05-09 19:20:17]
- Nation States Distancing Themselves from APTs [2017-02-14 16:50:28]
- Windows 10 Blocks Zero-Days Before Patches Arrive: Microsoft [2017-01-19 00:07:06]
- Windows 10 Anniversary Update crushed exploits without need of patches [2017-01-16 09:10:01]
- Lithuania government PCs infected by a Russian spyware [2016-12-28 06:54:59]
- German Industrial Giant Victim of Cyber Espionage [2016-12-12 16:46:11]
- One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild [2016-12-02 10:56:21]
- InPage Zero Day Used in Attacks Against Banks [2016-11-23 15:08:13]
- Army Bug Bounty Building New Relationships with Hackers [2016-11-14 18:05:06]
- Security Affairs newsletter Round 86 – News of the week [2016-11-13 14:05:31]
- Pawn Storm APT conducted spear-phishing attacks before zero-days was fixed [2016-11-13 10:54:57]
- Cyberspies Ramped Up Attacks After Exposure of Zero-Days [2016-11-09 20:23:28]
- November Patch Tuesday fixes controversial Windows 0-day hole [2016-11-09 18:54:57]
- Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched [2016-11-09 14:27:42]
- Microsoft patches 68 vulnerabilities, two actively exploited ones [2016-11-09 12:24:29]
- Heavy Patch Tuesday on US Election Day [2016-11-09 12:12:06]
- Microsoft patches CVE-2016-7255 Windows zero-day exploited by Fancy Bear [2016-11-09 09:24:35]
- Patch Tuesday of November 2016: Six Critical Bulletins, Eight Important [2016-11-09 06:30:46]
- Microsoft patches 68 vulnerabilities, two actively exploited ones [2016-11-09 01:02:26]
- Nov 2016 Patch Tuesday: Microsoft released 14 security updates, 6 rated critical [2016-11-08 21:02:39]
- Microsoft Patches Windows Zero-Day Exploited by Russian Hackers [2016-11-08 20:23:26]