In its regular weekly cycle of security updates, Microsoft has patched a vulnerability that was being used by multiple cyber-espionage groups. This was confirmed by the company that first uncovered the vulnerabilities, Kaspersky Lab.
The zero-day in question, one of the 62 in total that were patched this week, is named CVE-2018-8589. Microsoft describes it as "elevation of privilege" vulnerability.
“An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys,” Microsoft explains. “An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.”
Kaspersky Lab confirms that this vulnerability allows the attacker ‘persistence on a victim’s system’.
However, the vulnerability could not have been exploited on its own – hackers would still need to install malicious code on the system before being able to abuse the flaw. Kaspersky Lab says the target machines were Windows 7, 32-bit and Windows Server 2008, located mostly in the Middle East.
This is the second Windows elevation of privilege zero-day that Microsoft patched in the last two months, ZDNet notices. Both were uncovered by cyber security researchers from Kaspersky Lab.
Image Credit: Pavel Ignatov / Shutterstock