Do ESET business products (i.e. Endpoint Security) protect users from the exploit described in the link below?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

See this link for further details: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/

This is a kernel mode exploit that appears to be able to bypass the core integrity option Microsoft added in Win 10 1803.

Of note is the following:

Quote

Victims

The distribution of the attack seems to be highly targeted, affecting less than a dozen victims in the Middle East region, according to our telemetry.

Attribution

During our investigation, we discovered the attackers were using a PowerShell backdoor that has previously been seen exclusively used by the FruityArmor APT. There is also an overlap in the domains used for C2 between this new set of activity and previous FruityArmor campaigns. That makes us assess with medium confidence that FruityArmor is responsible for the attacks leveraging CVE-2018-8453.

Edited by itman

3 hours ago, Rami said:

It seems that Microsoft has patched that exploit.

Yes. The patches were incorporated into the monthly Win Update that was released on 10/9. So anyone concerned about this should apply Win Updates ASAP.

https://securitytracker.com/id/1041828

Edited by itman
