Posted

Do ESET business products (i.e. Endpoint Security) protect users from the exploit described in the link below?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

Posted (edited)

See this link for further details: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/

This is a kernel mode exploit that appears to be able to bypass the core integrity option Microsoft added in Win 10 1803.

Of note is the following:

Quote

Victims

The distribution of the attack seems to be highly targeted, affecting less than a dozen victims in the Middle East region, according to our telemetry.

Attribution

During our investigation, we discovered the attackers were using a PowerShell backdoor that has previously been seen exclusively used by the FruityArmor APT. There is also an overlap in the domains used for C2 between this new set of activity and previous FruityArmor campaigns. That makes us assess with medium confidence that FruityArmor is responsible for the attacks leveraging CVE-2018-8453.

 

Edited by itman
  • Most Valued Members
Posted
11 hours ago, mfichera said:

Do ESET business products (i.e. Endpoint Security) protect users from the exploit described in the link below?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

It seems that Microsoft has patched that exploit.

Posted (edited)
3 hours ago, Rami said:

It seems that Microsoft has patched that exploit.

Yes. The patches were incorporated into the monthly Win Update that was released on 10/9. So anyone concerned about this should apply Win Updates ASAP.

https://securitytracker.com/id/1041828

 

Edited by itman
This topic is now closed to further replies.