Jump to content

CVE-2018-8453


mfichera
 Share

Recommended Posts

Do eset business products (ie endpoint security) protect users from the exploit described in the link below?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

Link to comment
Share on other sites

See this link for further details: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/

This is a kernel mode exploit that appears to be able to bypass the core integrity option Microsoft added in Win 10 1803.

Of note is the following:

Quote

Victims

The distribution of the attack seems to be highly targeted, affecting less than a dozen victims in the Middle East region, according to our telemetry.

Attribution

During our investigation, we discovered the attackers were using a PowerShell backdoor that has previously been seen exclusively used by the FruityArmor APT. There is also an overlap in the domains used for C2 between this new set of activity and previous FruityArmor campaigns. That makes us assess with medium confidence that FruityArmor is responsible for the attacks leveraging CVE-2018-8453.

 

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members
11 hours ago, mfichera said:

Do eset business products (ie endpoint security) protect users from the exploit described in the link below?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453#ID0EKIAC

It seems that Microsoft has patched that exploit.

Link to comment
Share on other sites

3 hours ago, Rami said:

It seems that Microsoft has patched that exploit.

Yes. The patches were incorporated into the monthly Win Update that was release on 10/9. So anyone concerned about this should apply Win Updates ASAP.

https://securitytracker.com/id/1041828

 

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...