Zero-day vulnerability in Windows

Elevation of privilege
CVE-2017-0263

The vulnerability was used by the APT28 group along with another zero-day, CVE-2017-0262.

Known malware:

GAMEFISH

Vulnerability details

Advisory: SB2017050908 - Multiple vulnerabilities in Win32.sys in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2017-0263

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-20 - Improper Input Validation

Description:

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a boundary error in the Win32k.sys driver. A local user can escalate privileges on the system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

Latest references in media:

- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw [2018-10-11 00:00:11]

- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East [2018-10-10 15:50:08]

- Windows Zero-Day Exploited in Attacks Aimed at Middle East [2018-10-10 10:10:07]

- Zero-day exploit (CVE-2018-8453) used in targeted attacks [2018-10-10 09:00:52]

- New Silence hacking group suspected of having ties to cyber-security industry | ZDNet [2018-09-05 13:30:10]

- Malicious PDF Leads to Discovery of Adobe Reader, Windows Zero-Days [2018-05-16 14:43:31]

- A Slice of 2017 Sofacy Activity [2018-02-20 15:10:22]

- Don't Fall Victim to IP Theft and Corporate Espionage [2018-02-01 13:51:09]

- Russian Cyberspies Are Rushing to Exploit Recent Flash 0-Day Before It Goes Cold [2017-10-20 11:02:17]

- Kaspersky Details APT Trends for Q2 2017 [2017-08-10 20:00:48]

- Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution [2017-05-23 23:40:40]

- Microsoft’s New Security Update Guides Get Mixed Reviews [2017-05-11 21:01:05]

- Cisco Patches IOS XE Vulnerability Leaked in Vault 7 Dump [2017-05-10 16:10:58]

- Microsoft's May 2017 Patch Tuesday issues updates for a total of 55 vulnerabilities, including four zero-days. [2017-05-10 12:50:08]

- Microsoft Addresses Zero-Day Vulnerability Ahead of Patch Tuesday [2017-05-10 12:40:21]

- No Let Up for Admins as Microsoft Patches 56 Vulnerabilities [2017-05-10 12:20:09]

- Microsoft Security Updates for May 2017 Include Fixes for Four Zero-Days [2017-05-10 11:10:43]

- 3 of 4 Zero-Days Microsoft Patched Yesterday Were Used by Russian Cyberspies [2017-05-10 11:10:43]

- Microsoft Patch Tuesday updates for May 2017 fix Zero Days exploited by Russian APT groups [2017-05-10 08:30:21]

- Microsoft Patches Zero-Days Exploited by Russia-Linked Hackers [2017-05-10 06:10:23]

- It's 2017 and Windows PCs are being owned by EPS files, webpages [2017-05-10 00:10:01]

- Microsoft fixes 55 flaws, 3 of them exploited by Russian cyberspies [2017-05-09 23:50:59]

- Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies [2017-05-09 23:30:02]

- Microsoft Plugs Three Zero Day Holes as Part of May Patch Tuesday [2017-05-09 23:20:24]

- Microsoft Security Updates for May 2017 Include Fixes for Three Zero-Days [2017-05-09 22:40:34]

- EPS Processing Zero-Days Exploited by Multiple Threat Actors [2017-05-09 19:20:17]

Vulnerability Scanning SaaS

The vulnerability scanning SaaS service is an online third-generation vulnerability scanner with scheduled assessments and a vulnerability subscription. You can use the service to check the security of your network perimeter.