14 December 18, 16:24
Quote:
Cybercriminals continue to stress-test Windows, and our protective technologies continue to detect their attempts and prevent exploitation. It is not the first or even the second discovery of this kind over the past three months. This time, our systems detected an attempt to exploit the vulnerability in Windows Kernel Transaction Manager.
Full reading: https://www.kaspersky.com/blog/cve-2018-...ted/24972/
The new zero-day exploit was used against several victims in the Middle East and Asia. The vulnerability it exploited, CVE-2018-8611, allowed an elevation of privilege in cases where the Windows kernel fails to handle objects in memory properly. As a result, malefactors can run arbitrary code in kernel mode.
In practice, that means malefactors can install programs, change or view data, or even create new accounts. According to our experts, the exploit can also be used to escape the sandbox in modern Web browsers, including Chrome and Edge. For technical details, see this Securelist post. Even more information about CVE-2018-8611 and the actors who tried to exploit it is available to customers of Kaspersky Intelligence Reports; contact intelreports@kaspersky.com.
Our experts reported this vulnerability to developers, and Microsoft just released a corresponding patch that corrects how the Windows kernel handles objects in memory.