Woburn, MA – December 12, 2018 – Kaspersky Lab technologies have detected a new exploited vulnerability in the Microsoft Windows OS kernel, the third consecutive zero-day exploit discovered in three months. The most recent vulnerability, CVE-2018-8611, was found being used in malware targeting a small number of victims in the Middle East and Asia.
This vulnerability is particularly dangerous because it exists in the kernel mode module of the operating system, and it can be used to bypass built-in exploit mitigation mechanisms in modern web browsers, including Google Chrome and Microsoft Edge. Kaspersky Lab researchers reported the vulnerability to Microsoft, and a patch has been released.
All three recent Windows exploits were detected by Kaspersky Lab’s Automatic Exploit Prevention technology, embedded in most of the company’s products. Like the last two exploited vulnerabilities (CVE-2018-8589 and CVE-2018-8453), patched by Microsoft in October and November, respectively, the latest exploit was found being used in the wild, targeting victims in the Middle East and Africa. The malware writers referred to the exploit for CVE-2018-8589 as “Alice,” while the latest exploit was referred to as “Jasmine.” Kaspersky Lab researchers believe that multiple threat actors, including a new advanced persistent threat (APT) called Sandcat, have exploited this newest vulnerability.
“The detection of three kernel mode zero-days within a few months is evidence that our products use the best technologies, which are capable of detecting such sophisticated threats,” said Anton Ivanov, security expert at Kaspersky Lab. “For organizations, it is important to understand that to protect their perimeter they should use a combined solution, like endpoint protection with an advanced threat detection platform.”
Kaspersky Lab recommends the following security measures for businesses to stay protected against zero-day threats:
For further details on the latest Microsoft Windows exploit, read the full report on Securelist.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.