Microsoft has fixed a new zero-day vulnerability (CVE-2018-8589) in this week's regular security update; the bug was discovered by Kaspersky. Unlike the Win32k zero-day Kaspersky reported last time, this one affects only Windows 7 and Windows Server 2008. What the two have in common is that both sit in the Windows Win32k component and both were exploited by the same APT group.
Allows an attacker to execute arbitrary code:
The flaw lies in how the Win32k component handles certain calls. It is a local elevation-of-privilege bug: an attacker who already has code running on the machine can use it to gain elevated privileges and execute arbitrary code on the local system, for example to install a backdoor or steal data.
An attacker could also use the vulnerability to create new user accounts, but the main goal observed was to install a backdoor and keep access to the system.
Despite extensive analysis, Kaspersky has not yet determined how the initial compromise took place; all it knows is that the exploit was executed by a malicious installer in the first stage of the attack.
APT group suspected of having government support:
Through continued tracking, Kaspersky found that the attackers used this vulnerability against targets in the Middle East. The attackers had clear objectives, and the exploit code was well written.
Although the previous Win32k zero-day has been patched, including on Windows 10, attackers went on to find a similar flaw in Windows 7.
Kaspersky Lab's researchers say they do not yet have a clear picture of who the attackers are, but they are certain the APT group is still actively exploiting this vulnerability.
Microsoft has now released a patch for the bug as part of its regular update cycle. On a patched system, an attempt to exploit the vulnerability crashes the system rather than succeeding.