Posts: 15,815
Threads: 10,138
Thanks Received: 9,301 in 7,447 posts
Thanks Given: 10,215
Joined: 12 September 18
14 November 18, 08:11
![[Image: zero-day-CVE-2018-8589_01.png]](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/12100551/zero-day-CVE-2018-8589_01.png)
Quote:Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589.
In October 2018, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft’s Windows operating system. Further analysis revealed a zero-day vulnerability in win32k.sys. The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability. The victims are located in the Middle East.
Kaspersky Lab products detected this exploit proactively using the following technologies:
- Behavioral Detection Engine and Automatic Exploit Prevention for endpoints
- Advanced Sandboxing and Anti-Malware Engine for Kaspersky Anti Targeted Attack Platform (KATA)
Kaspersky Lab verdicts for the artifacts in this campaign are: - HEUR:Exploit.Win32.Generic
- HEUR:Trojan.Win32.Generic
- PDM:Exploit.Win32.Generic
More information about the attack is available to customers of Kaspersky Intelligence Reports. Contact: intelreports@kaspersky.com
Full reading:
https://securelist.com/a-new-exploit-for...589/88845/
![[-]](https://www.geeks.fyi/images/collapse.png)
