A new exploit for zero-day vulnerability CVE-2018-8589

[harlan4096]

Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589.

In October 2018, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft’s Windows operating system. Further analysis revealed a zero-day vulnerability in win32k.sys. The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability. The victims are located in the Middle East.

Kaspersky Lab products detected this exploit proactively using the following technologies:

• Behavioral Detection Engine and Automatic Exploit Prevention for endpoints
  
• Advanced Sandboxing and Anti-Malware Engine for Kaspersky Anti Targeted Attack Platform (KATA)
  

Kaspersky Lab verdicts for the artifacts in this campaign are:

• HEUR:Exploit.Win32.Generic
  
• HEUR:Trojan.Win32.Generic
  
• PDM:Exploit.Win32.Generic
  

More information about the attack is available to customers of Kaspersky Intelligence Reports. Contact: intelreports@kaspersky.com

Full reading: https://securelist.com/a-new-exploit-for...589/88845/