mfichera, posted October 10, 2018:

Do ESET business products (i.e. Endpoint Security) protect users from the exploit described in the link below?
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC
itman, posted October 10, 2018 (edited October 10, 2018 by itman):

See this link for further details: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/

This is a kernel mode exploit that appears to be able to bypass the core integrity option Microsoft added in Win 10 1803. Of note is the following:

Quote:
Victims
The distribution of the attack seems to be highly targeted, affecting less than a dozen victims in the Middle East region, according to our telemetry.

Attribution
During our investigation, we discovered the attackers were using a PowerShell backdoor that has previously been seen exclusively used by the FruityArmor APT. There is also an overlap in the domains used for C2 between this new set of activity and previous FruityArmor campaigns. That makes us assess with medium confidence that FruityArmor is responsible for the attacks leveraging CVE-2018-8453.
Nightowl, posted October 11, 2018:

11 hours ago, mfichera said:
Do ESET business products (i.e. Endpoint Security) protect users from the exploit described in the link below?
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

It seems that Microsoft has patched that exploit.
itman, posted October 11, 2018 (edited October 11, 2018 by itman):

3 hours ago, Rami said:
It seems that Microsoft has patched that exploit.

Yes. The patches were incorporated into the monthly Win Update that was released on 10/9. So anyone concerned about this should apply Win Updates ASAP.
https://securitytracker.com/id/1041828