Zero-day vulnerability in Windows

Use-after-free
CVE-2018-8453

According to Kaspersky Lab, the vulnerability is being actively exploited by the FruityArmor APT actor.

Known malware:

HEUR:Exploit.Win32.Generic
HEUR:Trojan.Win32.Generic
PDM:Exploit.Win32.Generic

Vulnerability details

Advisory: SB2018100920 - Privilege escalation in Microsoft Windows Win32k

Vulnerable component: Windows

CVE-ID: CVE-2018-8453

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-416 - Use After Free

Description:

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a use-after-free error in the win32kfull!xxxDestroyWindow function of the Win32k component. A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code in kernel mode.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: the vulnerability has been actively exploited in the wild.

Latest references in media:

- Security Affairs newsletter Round 184 – News of the week [2018-10-14 14:40:10]

- The October 2018 Security Update Review [2018-10-13 17:41:13]

- Update now! Microsoft fixes 49 bugs, 12 are critical [2018-10-11 13:20:17]

- Update now! Microsoft fixes 49 bugs, 12 are critical [2018-10-11 13:11:28]

- Patch Tuesday, October 2018 Edition [2018-10-11 10:20:14]

- Patch Tuesday, October 2018 Edition [2018-10-11 10:11:16]

- FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw [2018-10-11 00:00:11]

- Microsoft Patch Tuesday, October 2018 [2018-10-10 16:41:02]

- CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East [2018-10-10 15:50:08]

- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day [2018-10-10 12:01:17]

- October 2018 Patch Tuesday: Microsoft fixes 49 flaws, one APT-wielded zero-day [2018-10-10 11:50:13]

- Microsoft Fixes Zero Day and Data Deletion Bugs [2018-10-10 11:10:08]

- Windows Zero-Day Exploited in Attacks Aimed at Middle East [2018-10-10 10:10:07]

- Zero-day exploit (CVE-2018-8453) used in targeted attacks [2018-10-10 09:00:52]

- Microsoft Released Security Update & Fixed 49 Vulnerabilities [2018-10-10 08:00:58]

- October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day [2018-10-10 07:50:12]

- Microsoft Patch Tuesday, October 2018 [2018-10-10 02:20:43]

- It's October 2018, and Exchange can be pwned by an 8 year-old... bug [2018-10-09 23:40:02]

- Microsoft Patches Zero-Day Under Active Attack by APT [2018-10-10 11:40:08]

- Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group [2018-10-09 22:20:08]

- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT | ZDNet [2018-10-09 22:00:18]

- Microsoft Fixes Privilege Escalation 0Day Under Active Attack [2018-10-09 21:50:05]

- Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities [2018-10-09 21:00:19]

- October 2018 Patch Tuesday – Microsoft Releases Security Fixes for a Total 49 Vulnerabilities [2018-10-09 20:50:04]
