In a Cumulative Update this week, Microsoft dealt with a Windows 10 vulnerability first reported by Kaspersky in August. The Russian security firm said the flaw was being exploited for targeted attacks in the Middle East. In its release notes this week, Microsoft explains the Win32k Elevation of Privilege Vulnerability (CVE-2018-8453) and the update to patch it: “An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.”
Exploit
Kaspersky has said the vulnerability has been exposed by FruityArmor, a hacking group. The company says the “code of the exploit is of high quality and written with the aim of reliably exploiting as many different MS Windows builds as possible, including MS Windows 10 RS4.” In recent years, the relationship between Microsoft and Kaspersky Lab has been troubled. The company accused Microsoft of monopolizing anti-virus by limiting third-parties in Windows 10. Kaspersky contacted Microsoft and was willing to work towards finding a solution. That dialogue did not materialize so Kaspersky filed an antitrust complaint against Microsoft in Europe. Microsoft finally relented and made the required changes to Windows 10 to reach a settlement.