Zero-day vulnerability in Windows captured by our technologies

October 10, 2018

Usually, you need to teach security solutions about new vulnerabilities, but sometimes, Kaspersky Lab technologies teach us about new zero-days. This is just that kind of case. Our Automatic Exploit Prevention technology recently detected a new kind of cyberattack that tried to use a previously unknown exploit on a yet-undiscovered operating system vulnerability.

Analyzing the case, our experts figured out that the vulnerability was in win32k.sys, a Win32 Driver file. They immediately informed Microsoft about the issue so that their specialists could swiftly craft a security patch. On October 9, they disclosed the existence of the vulnerability and published a corresponding update that, among other things, fixed the CVE-2018-8453 vulnerability.

How dangerous was it?

Malware exploited this vulnerability to get enough privileges for persistence on a victim’s computer. So potentially, the vulnerability is very dangerous indeed — it can give attackers control over your PC. As our experts say, it aimed at as many as possible different MS Windows builds, including MS Windows 10 RS4.

Our solutions detected several attacks using this vulnerability. Most of the victims were located in the Middle East region. Our experts are sure that it was a very precisely targeted attack. But following disclosure, the number of such cases can rise.

More information about the technical details of the attack is available in this Securelist post.

How to stay safe

  • Install Microsoft’s patch immediately. It can be found here.
  • Regularly update the software that is used in your company to the most recent versions.
  • Use security products with vulnerability assessment and patch management capabilities to automate update processes.
  • Use a robust security solution equipped with behavior-based detection capabilities for effective protection against unknown threats including zero-day exploits.

Several of our technologies detect the exploit for this zero-day vulnerability. The first is the Advanced Sandboxing and Anti Malware engine for Kaspersky Anti Targeted Attack Platform (a solution made specifically to protect against APT threats). The second, Automatic Exploit Prevention, is an integral subsystem of our Kaspersky Endpoint Security for Business.