Zero-day vulnerability in Windows

Race condition
CVE-2018-8611

This vulnerability was reported to Microsoft by Kaspersky Lab. It is believed to have been used by the FruityArmor and SandCat APT groups against companies in the Middle East and Africa.

Vulnerability details

Advisory: SB2018121105 - Privilege escalation in Windows kernel

Vulnerable component: Windows

CVE-ID: CVE-2018-8611

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Description:

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a race condition within the Kernel Transaction Manager driver (ntoskrnl.exe) when processing transacted file operations in kernel mode. A local user can run a specially crafted program and execute arbitrary code on the system in kernel mode.

Note: the vulnerability is being exploited in the wild.

Latest references in media:

- CERT/CC Details Critical Flaws in Microsoft Windows, Server [2019-01-04 22:00:04]

- CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server [2019-01-04 19:40:21]

- Links 13/12/2018: IRS Migration, GNOME 3.31.3 Released [2018-12-21 11:31:46]

- Update now! Microsoft patches another zero-day flaw [2018-12-20 23:01:17]

- Microsoft releases security update for new IE zero-day | ZDNet [2018-12-19 22:20:08]

- Security Affairs newsletter Round 192 – News of the week [2018-12-16 15:20:10]

- Microsoft December Patch Tuesday Addresses Nine Critical Vulnerabilities Including A Zero-Day [2018-12-14 13:31:19]

- Update now! Microsoft and Adobe’s December 2018 Patch Tuesday is here [2018-12-13 14:01:33]

- Microsoft Relesed Security Updates & Fixed 39 Vulnerabilities [2018-12-13 03:31:01]

- 126 vulnerabilities patched in Microsoft and Adobe this December 2018 [2018-12-13 01:41:18]

- Threat Actor Actively Exploiting Windows kernel 0day Vulnerability in Wild [2018-12-13 01:31:01]

- Patch Tuesday breaks records — some good, most bad — and ‘Check for Updates’ still stings [2018-12-12 19:10:12]

- Microsoft issues Patch Tuesday fixes for 39 vulnerabilities [2018-12-12 15:20:06]

- December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild [2018-12-12 14:11:32]

- Microsoft patches 'dangerous' zero-day already being exploited by hacking groups | TheINQUIRER [2018-12-12 13:10:11]

- December 2018 – Microsoft Patch Tuesday [2018-12-12 12:30:18]

- New threat actor SandCat exploited recently patched CVE-2018-8611 0day [2018-12-12 12:00:11]

- Microsoft and Adobe Patch 100+ Bugs in December [2018-12-12 11:20:07]

- Windows Zero-Day Exploited by New 'SandCat' Group [2018-12-12 09:50:11]

- Patch Tuesday December 2018—Microsoft Releases Security Updates for 39 Vulnerabilities, Including a Windows Zero-Day Flaw (CVE-2018-8611) Under Active Attack [2018-12-12 09:50:08]

- Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611) [2018-12-27 10:40:25]

- December Patch Tuesday: Year-End Batch Addresses Win32k Elevation of Privilege and Windows DNS Server Vulnerabilities [2018-12-12 07:50:18]

- It's December of 2018 and, to hell with it, just patch your stuff [2018-12-12 02:20:02]

- Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack [2018-12-11 23:50:07]

- Zero-Day Bug Fixed by Microsoft in December Patch Tuesday [2018-12-11 23:10:12]

- Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability [2018-12-11 22:40:22]

- Patch Tuesday, December 2018 Edition [2018-12-11 22:31:35]

- Windows Kernel Vulnerability Exploited in Attacks [2018-12-11 22:00:12]

- For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet [2018-12-11 21:40:10]

- The December 2018 Security Update Review [2018-12-11 19:31:26]
