According to Kaspersky Lab, the vulnerability is being actively exploited by the FruityArmor APT actor.
Vulnerable component: Windows
CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-416 - Use After Free
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a use-after-free error in win32kfull!xxxDestroyWindow in the Win32k component. A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code in kernel mode.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: the vulnerability has been actively exploited in the wild.
Latest references in media:
- New threat actor SandCat exploited recently patched CVE-2018-8611 0day [2018-12-12 12:00:11]
- Windows Zero-Day Exploited by New 'SandCat' Group [2018-12-12 09:50:11]
- For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet [2018-12-11 21:40:10]
- Backdoors Up 44%, Ransomware Up 43% from 2017 [2018-12-05 00:10:06]
- Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks [2018-11-15 12:04:15]
- Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks [2018-11-15 12:02:14]
- November Patch Tuesday Fixes Another Zero-Day Win32k Bug, Other Public Vulnerabilities [2018-11-14 10:00:16]
- APT Group Uses Windows Zero-Day in Middle East Attacks [2018-11-14 08:20:12]
- Microsoft Patches Actively Exploited Windows Vulnerability [2018-11-13 23:00:10]
- Microsoft patches Windows zero-day used by multiple cyber-espionage groups | ZDNet [2018-11-13 22:20:12]
- Security Affairs newsletter Round 184 – News of the week [2018-10-14 14:40:10]
- The October 2018 Security Update Review [2018-10-13 17:41:13]
- Update now! Microsoft fixes 49 bugs, 12 are critical [2018-10-11 13:20:17]
- Update now! Microsoft fixes 49 bugs, 12 are critical [2018-10-11 13:11:28]
- Patch Tuesday, October 2018 Edition [2018-10-11 10:20:14]
- Patch Tuesday, October 2018 Edition [2018-10-11 10:11:16]
- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw [2018-10-11 00:00:11]
- Microsoft Patch Tuesday, October 2018 [2018-10-10 16:41:02]
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East [2018-10-10 15:50:08]
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day [2018-10-10 12:01:17]
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day [2018-10-10 11:50:13]
- Microsoft Fixes Zero Day and Data Deletion Bugs [2018-10-10 11:10:08]
- Windows Zero-Day Exploited in Attacks Aimed at Middle East [2018-10-10 10:10:07]
- Zero-day exploit (CVE-2018-8453) used in targeted attacks [2018-10-10 09:00:52]
- Microsoft Released Security Update & Fixed 49 Vulnerabilities [2018-10-10 08:00:58]
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day [2018-10-10 07:50:12]
- Microsoft Patch Tuesday, October 2018 [2018-10-10 02:20:43]
- It's October 2018, and Exchange can be pwned by an 8 year-old... bug [2018-10-09 23:40:02]
- Microsoft Patches Zero-Day Under Active Attack by APT [2018-10-10 11:40:08]
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group [2018-10-09 22:20:08]
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT | ZDNet [2018-10-09 22:00:18]
- Microsoft Fixes Privilege Escalation 0Day Under Active Attack [2018-10-09 21:50:05]
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities [2018-10-09 21:00:19]
- October 2018 Patch Tuesday – Microsoft Releases Security Fixes for a Total 49 Vulnerabilities [2018-10-09 20:50:04]