According to Kaspersky Lab, the vulnerability is being actively exploited by the FruityArmor APT actor.
Vulnerable component: Windows
CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-416 - Use After Free
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a use-after-free error in the win32kfull!xxxDestroyWindow function of the Win32k component. A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code in kernel mode.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: the vulnerability has been actively exploited in the wild.
Latest references in media:
- Security Affairs newsletter Round 184 – News of the week [2018-10-14 14:40:10]
- The October 2018 Security Update Review [2018-10-13 17:41:13]
- Update now! Microsoft fixes 49 bugs, 12 are critical [2018-10-11 13:20:17]
- Update now! Microsoft fixes 49 bugs, 12 are critical [2018-10-11 13:11:28]
- Patch Tuesday, October 2018 Edition [2018-10-11 10:20:14]
- Patch Tuesday, October 2018 Edition [2018-10-11 10:11:16]
- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw [2018-10-11 00:00:11]
- Microsoft Patch Tuesday, October 2018 [2018-10-10 16:41:02]
- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East [2018-10-10 15:50:08]
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day [2018-10-10 12:01:17]
- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day [2018-10-10 11:50:13]
- Microsoft Fixes Zero Day and Data Deletion Bugs [2018-10-10 11:10:08]
- Windows Zero-Day Exploited in Attacks Aimed at Middle East [2018-10-10 10:10:07]
- Zero-day exploit (CVE-2018-8453) used in targeted attacks [2018-10-10 09:00:52]
- Microsoft Released Security Update & Fixed 49 Vulnerabilities [2018-10-10 08:00:58]
- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day [2018-10-10 07:50:12]
- Microsoft Patch Tuesday, October 2018 [2018-10-10 02:20:43]
- It's October 2018, and Exchange can be pwned by an 8 year-old... bug [2018-10-09 23:40:02]
- Microsoft Patches Zero-Day Under Active Attack by APT [2018-10-10 11:40:08]
- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group [2018-10-09 22:20:08]
- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT | ZDNet [2018-10-09 22:00:18]
- Microsoft Fixes Privilege Escalation 0Day Under Active Attack [2018-10-09 21:50:05]
- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities [2018-10-09 21:00:19]
- October 2018 Patch Tuesday – Microsoft Releases Security Fixes for a Total 49 Vulnerabilities [2018-10-09 20:50:04]