Skip to main content

Kaspersky Lab Technology Detects Zero-Day Exploit for Microsoft Windows

November 15, 2018

Researchers uncover second consecutive zero-day exploit used in cyberattacks in the Middle East in just one month

Woburn, MA – November 14, 2018 – In October 2018, Kaspersky Lab Automatic Exploit Prevention technology, embedded in most of the company’s products, detected a new exploit for a zero-day vulnerability in Microsoft Windows. Kaspersky Lab reported the vulnerability, and Microsoft released a patch for it this week. This was the second consecutive zero-day exploit used in a series of cyberattacks in the Middle East in just one month.

Cyberattacks that leverage zero-day vulnerabilities are considered to be some of the most dangerous, as they involve the exploitation of an undiscovered weakness, making them difficult to detect and prevent. If these weaknesses are discovered by cybercriminals, such a vulnerability could be used for the creation of an exploit. For example, this “hidden threat” attack scenario is widely used by sophicticated actors in APT attacks.

Kaspersky Lab’s analysis into the new exploit led researchers to discover a previously unknown zero-day vulnerability. While the delivery method is still unknown, the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system. The exploit was only able to target machines running the 32-bit version of Windows 7. Upon discovery, Kaspersky Lab immediately reported the vulnerability to Microsoft.

According to Kaspersky Lab experts, there is no clear insight as to which actor(s) may be behind the attacks. However, the developed exploit is being used by at least one APT actor.*

Just a few weeks before this discovery, Kaspersky Lab spotted another exploit for a zero-day vulnerability in Microsoft Windows, which was being delivered to victims via a PowerShell backdoor. Kaspersky Lab technology proactively identified the threat, and it was reported to Microsoft and patched in early October.

“Autumn 2018 became quite a hot season for zero-day vulnerabilites,” said Anton Ivanov, security expert at Kaspersky Lab. “In just a month, we discovered two of these threats and detected two series of attacks in one region. The discreteness of cyberthreat actors’ activities reminds us that it is of critical importance for companies to have in their possesion all the necessary tools and solutions that would be intelligent enough to protect them from such sophisticated threats. Otherwise, they could face complex targeted attacks that will seemingly come out of nowhere.”

To avoid zero-day exploits, Kaspersky Lab recommends that companies implement the following technical measures:

  • If possible, avoid using software that is known to be vulnerable or recently used in cyber-attacks.
  • Make sure that all software used by your company is regularly updated to the most recent versions. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes. 
  • Use a robust security solution, such as Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.
  • If your company could become a subject of targeted attacks, use advanced security tools like Kaspersky Anti Targeted Attack Platform.
  • Ensure your security team has access to the most recent cyberthreat intelligence

For more information on the zero-day exploit for Microsoft Windows detected by Kaspersky Lab, visit Securelist.com.

*For more details, please contact intelreports@kaspersky.com.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact
Meghan Rimol
781.503.2671
meghan.rimol@kaspersky.com

Kaspersky Lab Technology Detects Zero-Day Exploit for Microsoft Windows

Researchers uncover second consecutive zero-day exploit used in cyberattacks in the Middle East in just one month
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases