CVE-2018-8453

[mfichera 2]

Do eset business products (ie endpoint security) protect users from the exploit described in the link below?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

[itman 1,659]

See this link for further details: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/

This is a kernel mode exploit that appears to be able to bypass the core integrity option Microsoft added in Win 10 1803.

Of note is the following:

Quote

Victims

The distribution of the attack seems to be highly targeted, affecting less than a dozen victims in the Middle East region, according to our telemetry.

Attribution

During our investigation, we discovered the attackers were using a PowerShell backdoor that has previously been seen exclusively used by the FruityArmor APT. There is also an overlap in the domains used for C2 between this new set of activity and previous FruityArmor campaigns. That makes us assess with medium confidence that FruityArmor is responsible for the attacks leveraging CVE-2018-8453.

 

Edited October 10, 2018 by itman

[Nightowl 202]

11 hours ago, mfichera said:

Do eset business products (ie endpoint security) protect users from the exploit described in the link below?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

It seems that Microsoft has patched that exploit.

[itman 1,659]

3 hours ago, Rami said:

It seems that Microsoft has patched that exploit.

Yes. The patches were incorporated into the monthly Win Update that was release on 10/9. So anyone concerned about this should apply Win Updates ASAP.

https://securitytracker.com/id/1041828

 

Edited October 11, 2018 by itman