Zero-day selling for $90,000 and potentially targeting 1.5 billion Windows users--opinion.

Security researchers have discovered a Windows zero-day vulnerability that is going for $90,000 on the underground cyber crime market. A post from a cyber criminal on an underground forum claims to offer this vulnerability, which could affect almost all Windows users. If the claims are true, the local privilege escalation vulnerability exists in all versions of Microsoft Windows OS starting from Windows 2000, potentially impacting over 1.5 billion Windows users.

Oliver Pinson-Roxburgh, SE director EMEA at Alert Logic: "Organisations today cannot rely on the vendor to secure them; they need to be in a position to detect threats before they are really known. If organisations are monitoring access to systems as well as deviations from the norm, they will detect this even without having specific security tooling to protect against it. The challenge is that many clients just don't have the time and resources to watch for this escalation of privileges."

Simon Crosby, CTO and co-founder at Bromium:

"The zero-day market remains strong, which means that researchers are confident that there are many more such vulnerabilities they can quickly monetise. Of course, today's detect-to-protect products such as 'next-gen AV' will fail to detect attacks that leverage this or any other new technique to breach the endpoint. The only way forward is for organisations to adopt a security posture that isolates all untrusted computation by default, making endpoints secure by design. For Bromium customer Valspar, this is vital to the way that they protect their users, and their intellectual property, when their users travel to offshore manufacturing facilities."

Robert Simmons, Director of Research Innovation at ThreatConnect:

"Whether or not this vulnerability turns out to be real or a hoax, all vulnerabilities, 0-day or not, are a problem if systems are not kept up to date with patches. Staying up to date with software and operating system patches is one of the top ways to protect yourself from threats, along with running with least privilege and application whitelisting. We all agree that 0-days are hard to stop, but you can minimise the dwell time if you are proactively hunting for threats like these in your enterprise."

Stephen Gates, chief research analyst at NSFOCUS:

"The global vulnerability/exploit market is ever growing and can be quite profitable. Researchers (and hackers alike) search for vulnerabilities in operating systems and applications. Once a vulnerability is found, those that discover it work tirelessly to determine if it can be exploited locally or remotely.

In this case, the Windows vulnerability appears to allow local privilege escalation. What this means is that an attacker can escalate their privilege from "user" to "administrator" on any Windows machine that they have local access to. Privilege escalation is a critical component of compromising and maintaining access to infected machines, allowing an Advanced Persistent Threat to exist.

If hackers find a way to bundle this with a Remote Code Execution (RCE) exploit, that changes the equation significantly. RCE exploits do not require local access to the machine and systems can be exploited from anywhere in the world.

The person that found the vulnerability is not breaking the law by selling the vulnerability and associated exploit online, although their ethics are certainly in question. Ninety grand goes a long way and in this case, money wins over ethics. I would imagine that, if the vulnerability and exploit can be verified, Microsoft will likely buy it."
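Two of the quotes above make a concrete, checkable point: Pinson-Roxburgh's remark that monitoring access and deviations from the norm will surface a privilege escalation even without tooling built for this specific flaw, and Gates's description of what local privilege escalation means (a "user" account ending up as "administrator"). The script below is an added illustration of that detection idea; it is not code from the article or from any of the vendors quoted. It reads Windows Security log records that have already been parsed into dictionaries, compares them against an assumed baseline of accounts that are expected to hold administrative rights, and flags events in which some other account acquires admin privileges. The event IDs and the token elevation value are real Windows Security log values; the host names, account names and the records themselves are constructed for the example.

```python
"""Flag signs of local privilege escalation in Windows Security log records.

Added illustration for this article, not the article's own code nor any
quoted vendor's product. The records below are constructed. The event IDs
are real Windows Security event IDs:
  4672  special privileges assigned to a new logon (an admin-level logon)
  4732  a member was added to a security-enabled local group
  4688  a new process was created; "%%1937" is the TokenElevationTypeFull
        value, i.e. the process runs with a full elevated token
The baseline of accounts expected to hold admin rights is an assumption.
"""
from typing import Iterable

# Assumed baseline: the only principals expected to receive admin privileges.
EXPECTED_ADMINS = {"CORP\\itadmin", "NT AUTHORITY\\SYSTEM"}

# Constructed sample records, shaped like parsed Windows Security log events.
SAMPLE_EVENTS = [
    {"id": 4672, "account": "NT AUTHORITY\\SYSTEM", "host": "ws01"},
    {"id": 4672, "account": "CORP\\itadmin", "host": "ws01"},
    {"id": 4672, "account": "CORP\\jdoe", "host": "ws01"},  # standard user, admin logon
    {"id": 4732, "account": "CORP\\jdoe", "host": "ws01",
     "group": "Administrators", "member": "CORP\\jdoe"},  # user added self to Administrators
    {"id": 4732, "account": "CORP\\itadmin", "host": "ws02",
     "group": "Remote Desktop Users", "member": "CORP\\asmith"},  # routine, not admin
    {"id": 4688, "account": "CORP\\jdoe", "host": "ws01",
     "process": "C:\\Windows\\System32\\cmd.exe",
     "token_elevation": "%%1937"},  # standard user running a fully elevated process
]


def find_escalation_indicators(events: Iterable[dict], expected_admins: set) -> list:
    """Return one finding per event in which an account outside the baseline
    is seen holding or gaining administrative rights.

    A finding is a dict with the host, the account of concern and the reason.
    Events that match the baseline, or that touch groups other than the local
    Administrators group, are deliberately ignored to keep the signal clean.
    """
    findings = []
    for ev in events:
        eid = ev.get("id")
        account = ev.get("account", "")
        if eid == 4672 and account not in expected_admins:
            findings.append({"host": ev["host"], "account": account,
                             "reason": "special privileges assigned to non-baseline account (4672)"})
        elif eid == 4732 and ev.get("group") == "Administrators":
            # The member being added is the account that gained rights; the
            # subject account is whoever performed the change.
            findings.append({"host": ev["host"], "account": ev.get("member", ""),
                             "reason": f"added to local Administrators by {account} (4732)"})
        elif (eid == 4688 and ev.get("token_elevation") == "%%1937"
              and account not in expected_admins):
            findings.append({"host": ev["host"], "account": account,
                             "reason": f"elevated-token process {ev.get('process')} (4688)"})
    return findings


def accounts_of_concern(findings: list) -> list:
    """Collapse findings to a sorted list of accounts that warrant investigation."""
    return sorted({f["account"] for f in findings})


if __name__ == "__main__":
    results = find_escalation_indicators(SAMPLE_EVENTS, EXPECTED_ADMINS)
    for f in results:
        print(f"{f['host']}: {f['account']} - {f['reason']}")
    print("accounts of concern:", accounts_of_concern(results))
```

On the constructed sample the script reports three findings, all for CORP\jdoe: an admin-level logon, a self-addition to the local Administrators group, and a process started with a full elevated token. None of these checks knows anything about the particular zero-day; they rely only on the baseline of who is supposed to be an administrator, which is the "deviation from the norm" the first quote describes. In practice the baseline would come from the organisation's identity inventory rather than a hard-coded set, and the events from a log-forwarding pipeline rather than an inline list.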
Publication: Database and Network Journal
Date: Jun 1, 2016
