Zero-day vulnerability in Windows

Buffer overflow
CVE-2018-8589

The vulnerability was privately reported to Microsoft by Kaspersky Lab.

Vulnerability details

Advisory: SB2018111308 - Privilege escalation in Windows Win32k.sys driver

Vulnerable component: Windows

CVE-ID: CVE-2018-8589

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can create a specially crafted application, run it on a vulnerable system and execute code with superuser privileges.

Note: this vulnerability is being actively exploited in limited targeted attacks.

Latest references in media:

- Update now! Microsoft patches another zero-day flaw [2018-12-20 23:01:17]

- Update now! Microsoft patches another zero-day flaw [2018-12-20 23:00:16]

- Microsoft releases security update for new IE zero-day | ZDNet [2018-12-19 22:20:08]

- December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild [2018-12-12 14:11:32]

- December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild [2018-12-12 14:10:12]

- New threat actor SandCat exploited recently patched CVE-2018-8611 0day [2018-12-12 12:00:11]

- Windows Zero-Day Exploited by New 'SandCat' Group [2018-12-12 09:50:11]

- Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611) [2018-12-27 10:40:25]

- Windows Kernel Vulnerability Exploited in Attacks [2018-12-11 22:00:12]

- For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet [2018-12-11 21:40:10]

- Backdoors Up 44%, Ransomware Up 43% from 2017 [2018-12-05 00:10:06]

- Kaspersky Security Bulletin 2018. Top security stories [2018-12-27 10:40:15]

- Security Affairs newsletter Round 189 – News of the week [2018-11-18 09:40:07]

- Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister [2018-11-16 10:21:30]

- 63 new vulnerabilities found in Windows [2018-11-15 12:31:26]

- 63 new vulnerabilities found in Windows [2018-11-15 12:14:54]

- Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks [2018-11-15 12:04:15]

- Patch Tuesday, November 2018 Edition [2018-11-15 12:03:30]

- Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks [2018-11-15 12:02:14]

- Patch Tuesday problems include even more reported bugs with Win10 version 1809 [2018-11-15 12:01:35]

- 63 New Flaws (Including 0-Days) Windows Users Need to Patch Now | The Hacker News [2018-11-15 12:00:46]

- November Patch Tuesday Fixes Another Zero-Day Win32k Bug, Other Public Vulnerabilities [2018-11-14 10:00:16]

- APT Group Uses Windows Zero-Day in Middle East Attacks [2018-11-14 08:20:12]

- A new exploit for zero-day vulnerability CVE-2018-8589 [2018-12-27 10:39:54]

- Microsoft Security Updates Fixed More than 60 Vulnerabilities [2018-11-14 07:51:06]

- Microsoft Patch Tuesday, November 2018 [2018-11-14 01:40:49]

- Microsoft Patch Tuesday, November 2018 [2018-11-14 01:20:55]

- It's November 2018, and Microsoft's super-secure Edge browser can be pwned eight different ways by a web page [2018-11-14 01:10:02]

- Microsoft’s Patch Tuesday updates for November 2018 fix actively exploited Windows flaw [2018-11-14 00:10:13]

- Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2 [2018-11-13 23:20:13]

- Microsoft Patches Actively Exploited Windows Vulnerability [2018-11-13 23:00:10]

- Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed [2018-11-13 23:00:06]

- Microsoft patches Windows zero-day used by multiple cyber-espionage groups | ZDNet [2018-11-13 22:20:12]

- The November 2018 Security Update Review [2018-11-13 22:11:24]

- Microsoft November 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities [2018-11-13 20:50:30]
