Researchers have discovered a zero-day vulnerability (CVE-2018-8589) in win32k.sys affecting 32-bit versions of Windows 7. The privilege escalation vulnerability was reported to Microsoft on October 17th. It exists due to “improper locking of messages sent synchronously between threads.” If exploited successfully, it could allow an attacker to view or alter data, install programs, or create new user accounts by “running arbitrary code in the context of the local system.” At the time of writing, the delivery method remains unknown; however, according to researchers, “the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system.” The zero-day is currently being used by at least one APT actor, but if an attacker attempts to exploit it on machines that are up to date with security updates, the system will crash.
Nov 14
Dec 08
Yesterday, Microsoft released a patch to fix a remote code execution flaw, CVE-2017-11937, in its Malware Protection Engine (MPE).
- Dec 8, 2017 12:58:44 PM
- The Counterintelligence Team
- threat intelligence, vulnerability, Microsoft, malware
Nov 29
A Microsoft Word exploit has been active for 17 years, but was only discovered and patched earlier this month.
- Nov 29, 2017 1:40:35 PM
- The Counterintelligence Team
- threat intelligence, vulnerability, Word, Microsoft
Nov 15
A new vulnerability in Microsoft Office has surfaced. The vulnerability is a memory corruption issue that resides in all versions of Microsoft Office that have been released in the past 17 years, which include Microsoft Office 365 and the latest version of Microsoft Windows 10.
- Nov 15, 2017 1:48:04 PM
- The Counterintelligence Team
- threat intelligence, vulnerability, Microsoft, updates
Oct 24
A new unpatched attack method has surfaced that exploits a built-in feature of Microsoft Office.
- Oct 24, 2017 1:24:43 PM
- The Counterintelligence Team
- vulnerability, Word, DDE, Microsoft