Kaspersky Lab Technology Detects Zero-Day Exploit for Microsoft Windows
Researchers uncover second consecutive zero-day exploit used in cyberattacks in the Middle East in just one month
Woburn, MA – November 14, 2018 – In October 2018, Kaspersky Lab Automatic Exploit Prevention technology, embedded in most of the company’s products, detected a new exploit for a zero-day vulnerability in Microsoft Windows. Kaspersky Lab reported the vulnerability, and Microsoft released a patch for it this week. This was the second consecutive zero-day exploit used in a series of cyberattacks in the Middle East in just one month.
Cyberattacks that leverage zero-day vulnerabilities are considered to be some of the most dangerous, as they involve the exploitation of an undiscovered weakness, making them difficult to detect and prevent. If these weaknesses are discovered by cybercriminals, such a vulnerability could be used for the creation of an exploit. For example, this “hidden threat” attack scenario is widely used by sophicticated actors in APT attacks.
Kaspersky Lab’s analysis into the new exploit led researchers to discover a previously unknown zero-day vulnerability. While the delivery method is still unknown, the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system. The exploit was only able to target machines running the 32-bit version of Windows 7. Upon discovery, Kaspersky Lab immediately reported the vulnerability to Microsoft.
According to Kaspersky Lab experts, there is no clear insight as to which actor(s) may be behind the attacks. However, the developed exploit is being used by at least one APT actor.*
Just a few weeks before this discovery, Kaspersky Lab spotted another exploit for a zero-day vulnerability in Microsoft Windows, which was being delivered to victims via a PowerShell backdoor. Kaspersky Lab technology proactively identified the threat, and it was reported to Microsoft and patched in early October.
“Autumn 2018 became quite a hot season for zero-day vulnerabilites,” said Anton Ivanov, security expert at Kaspersky Lab. “In just a month, we discovered two of these threats and detected two series of attacks in one region. The discreteness of cyberthreat actors’ activities reminds us that it is of critical importance for companies to have in their possesion all the necessary tools and solutions that would be intelligent enough to protect them from such sophisticated threats. Otherwise, they could face complex targeted attacks that will seemingly come out of nowhere.”
To avoid zero-day exploits, Kaspersky Lab recommends that companies implement the following technical measures:
- If possible, avoid using software that is known to be vulnerable or recently used in cyber-attacks.
- Make sure that all software used by your company is regularly updated to the most recent versions. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes.
- Use a robust security solution, such as Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.
- If your company could become a subject of targeted attacks, use advanced security tools like Kaspersky Anti Targeted Attack Platform.
- Ensure your security team has access to the most recent cyberthreat intelligence.
For more information on the zero-day exploit for Microsoft Windows detected by Kaspersky Lab, visit Securelist.com.
*For more details, please contact intelreports@kaspersky.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Media Contact
Meghan Rimol
781.503.2671
meghan.rimol@kaspersky.com
Kaspersky Lab Technology Detects Zero-Day Exploit for Microsoft Windows
Kaspersky
Related Articles Virus News
Vulnerabilities in Connected Electric Car Chargers Could Damage Home Networks
New Kaspersky Lab research identifies security flaws that could allow cybercriminals to manipulate amount of electricity sent to vehiclesRead More >Kaspersky Lab Uncovers Third Windows Zero-Day Exploit in Three Months
Vulnerability could allow cybercriminals to bypass built-in exploit mitigation mechanisms in web browsersRead More >Remote Access Nightmare: Amount of Malware Found to be Backdoors Increases by 44% in 2018
New report shows Kaspersky Lab technologies detected 346,000 new malicious files every day in the first ten months of the yearRead More >