Kaspersky Lab uncovers Windows zero-day exploited by threat actor

Zero-day vulnerabilities are previously unknown software bugs exploited by attackers to breach a victim’s device and network.

Kaspersky Lab’s automated technologies have detected a new exploited vulnerability in Microsoft Windows, believed to have been used in targeted attacks by at least two threat actors, including the recently discovered SandCat. This is the fourth zero-day exploit to be discovered in the wild by Kaspersky Lab’s Automatic Exploit Prevention technology. Kaspersky Lab reported the vulnerability, allocated CVE-2019-0797 to Microsoft, which has released a patch

Zero-day vulnerabilities are previously unknown software bugs that can be exploited by attackers to breach a victim’s device and network. The new exploit uses a vulnerability in Microsoft Windows’ graphics subsystem to achieve local privilege escalation. This provides the attacker with full control over a victim’s computer. The malware sample examined by Kaspersky Lab researchers shows that the exploit targets OS versions Windows 8 to Windows 10.

The researchers believe the detected exploit could have been used by several threat actors including, but possibly not limited to, FruityArmor and SandCat. FruityArmor is known to have used zero-days in the past, while SandCat is a new threat actor discovered only recently.

Kaspersky Lab recommends taking the following security measures:

Install Microsoft’s patch for the new vulnerability as soon as possible.

Make sure you update all software used in your organization on a regular basis, and whenever a new security patch is released. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes.

Choose a proven security solution such as that is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.

Use advanced security tools like Kaspersky Anti Targeted Attack Platform (KATA) if your company requires highly sophisticated protection.

Make sure your security team has access to the most recent cyber threat intelligence.

Last, but not least, ensure your staff is trained in the basics of cybersecurity hygiene.

Next Story