While we have not found clear evidence demonstrating malicious use of the proof-of-concept (POC), we did discover some variants being tested and uploaded to VirusTotal. Having this code publicly available may raise the potential for additional threat attackers. While searching for additional findings we went through a public exploit published in March of 2021 by a researcher. The original sample discovered was compiled in May 2020 and reported to Microsoft in December 2020. In this case the exploit is a Local Privilege Escalation (LPE) that targets 64-bit Windows 10 version 1909. When such attacks are successful, they are critical because they provide high privileges to the attacker, which can be used to increase the impact of the overall exploit chain. Kernel exploits are usually the most sophisticated attack as they interact directly with the Windows kernel. The exploit is novel in its use of a new win32k arbitrary kernel memory read primitive using the GetMenuBarInfo API, which to the best of our knowledge had not been previously known publicly. In this blog post, McAfee Advanced Threat Research (ATR) performed a deep dive into the analysis of the vulnerability, to identify the primitives for detection and protection. In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows 10 圆4.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |