Second Microsoft Windows zero-day vulnerability reported in a single month

Published on: 27 Nov 2018

A new exploit for a zero-day vulnerability in Microsoft Windows was detected and reported by Kaspersky Lab in October.

Microsoft quickly released a patch for the flaw, but this marks the second consecutive zero-day exploit used in a series of cyberattacks in the Middle East in just one month.

Just a few weeks before this discovery, Kaspersky Lab spotted its first exploit for a zero-day vulnerability in Microsoft Windows, which was being delivered to victims via a PowerShell backdoor.

Cyberattacks that take advantage of zero-day vulnerabilities are deemed to be some of the most dangerous because they exploit an undiscovered weakness, which makes them difficult to detect and prevent.

If discovered by cybercriminals, these weaknesses could be used to create an exploit. For example, this ‘hidden threat’ attack scenario is widely used by sophisticated actors in advanced persistent threat (APT) attacks.

This latest Windows exploit to be discovered was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system. The exploit was only able to target machines running the 32-bit version of Windows 7.

In just a single month, Kaspersky Lab has discovered two APTs and detected two series of attacks in one region.

Anton Ivanov, a security expert at Kaspersky Lab, commented: “The discreetness of cyber threat actors’ activities reminds us that it is of critical importance for companies to have in their possession all the necessary tools and solutions that would be intelligent enough to protect them from such sophisticated threats.

“Otherwise, they could face complex targeted attacks that will seemingly come out of nowhere.”
