Usually, you need to teach security solutions about new vulnerabilities, but sometimes, Kaspersky Lab technologies teach us about new zero-days. This is just that kind of case. Our Automatic Exploit Prevention technology recently detected a new kind of cyberattack that tried to use a previously unknown exploit on a yet-undiscovered operating system vulnerability.
Analyzing the case, our experts figured out that the vulnerability was in win32k.sys, a Win32 Driver file. They immediately informed Microsoft about the issue so that their specialists could swiftly craft a security patch. On October 9, they disclosed the existence of the vulnerability and published a corresponding update that, among other things, fixed the CVE-2018-8453 vulnerability.
Leave a reply