Kaspersky Lab technology automatically detected a new exploited vulnerability in the Microsoft Windows kernel. It is the third zero-day exploit discovered within three months. The most recent vulnerability (CVE-2018-8611) was found in malware targeting a small number of victims in the Middle East and Asia. Because the vulnerability exists in the operating system's kernel mode, the exploit is particularly dangerous and can be used to circumvent the defense mechanisms built into modern browsers, including Chrome and Edge. The vulnerability was reported to Microsoft, which released a patch.
Zero-day vulnerabilities are not known in advance and are therefore unpatched, so attackers can exploit them to gain access to victims' systems and devices. They are extremely valuable to attackers and are difficult to detect.
All three exploits were discovered by Kaspersky Lab's Automatic Exploit Prevention technology, embedded in most of the company's products. As with the two previously exploited vulnerabilities (CVE-2018-8589 and CVE-2018-8453), for which Microsoft published patches in October and November, the latest exploit was discovered targeting victims in the Middle East. The exploit for CVE-2018-8589 was called "Alice" by the malware writers, who also referred to the latest exploit as "Jasmine". Kaspersky Lab researchers believe that the new vulnerability has been exploited by several attackers, including a new APT group called Sandcat.
"It is certain that our products will use the three zero-days in kernel mode in a few months. Better technology that detects such complex threats," says Anton Ivanov, security expert at Kaspersky Lab. "For organizations it is important to understand that in order to protect their perimeter, they should use a solution that combines objective protection with advanced detection of threats."
Kaspersky Lab recommends the following security measures:
- Install Microsoft's patch for the new vulnerability.
- Make sure that you regularly update all applications used in your organization, including every time a new security patch is released. Security tools for vulnerability and patch management can help automate these processes.
- Select a proven security solution like Kaspersky Endpoint Security, which is equipped with behavioral detection capabilities, for effective protection against known and unknown threats, including exploits.
- Use advanced security tools like Kaspersky Anti Targeted Attack Platform (KATA) if your company requires complex security.
- Ensure that the security team has access to the latest cyberthreat information. For Kaspersky Intelligence Reporting customers, private reports are available on the latest developments in the cyberthreat landscape.
- Last but not least, make sure the staff are trained on the basics of IT security.