Trustwave’s Spiderlabs research team has recently discovered a zero day exploit which has been in Windows since Windows 2000 to the current Windows 10.
Details About the Exploit
Spiderlabs first saw the exploit advertised in a Russian hacking forum last month. And that too for $95,000.
Brian Krebs, a security researcher, explained that this exploit falls into the “local privilege escalation” category. These type of exploits don’t do damage on their own. They piggyback and work behind other types of exploits.
“An attacker may already have a reliable exploit that works remotely, but the trouble is his exploit only succeeds if the current user is running Windows as an administrator. No problem. Chain that remote exploit with a local privilege escalation bug that can bump up the target’s account privileges to that of an admin, and your remote exploit can work its magic without hindrance.”
Simply put, the exploit itself doesn’t let a hacker attack or compromise your system but it still acts as a “very much needed puzzle piece in the overall infection process,” according to Trustwave.
How the Zero Day Exploit Works
A hacker called “BuggiCorp” proved the legitimacy of the zero day exploit by uploading two videos on YouTube.
You can watch one of them here to see how the exploit works:
Exploits Are Now Being Sold Openly
Trustwave adds that zero day exploits are now being openly sold like a mainstream commodity, instead of being traded privately.
“In this business you usually need to “know people who know people” in order to buy or sell this kind of commodity. This type of business transaction is conducted in a private manner, meaning either direct contact between a potential buyer and the seller or possibly mediated by a middle man.
As such, a zero day being offered for sale stood out among the other offerings in an underground market for Russian-speaking cyber criminals. This specific forum serves as a collaboration platform where one can hire malware coders, lease an exploit kit, buy web shells for compromised websites, or even rent a whole botnet for any purpose. However, finding a zero day listed in between these fairly common offerings is definitely an anomaly. It goes to show that zero days are coming out of the shadows and are fast becoming a commodity for the masses, a worrying trend indeed.”
Trustwave has notified Microsoft about the exploit and is waiting for a reply from the software giant. We’ll share more information on this once it becomes available.