Zero-day selling for $90,000 and potentially targeting 1.5 billion Windows users--opinion.
Oliver Pinson-Roxburgh, SE director EMEA at Alert Logic: "Organisations today cannot rely on the vendor to secure them, they need to be in a position to detect threats before they are really known. If organisations are monitoring access to systems as well as deviations from the norm they will detect this even without having specific security tooling to protect against. The challenge is that many clients just don't have the time and resource to watch for this escalation of privileges."
Simon Crosby, CTO and co-founder at Bromium:
"The zero-day market remains strong--which means that researchers are confident that there are many more such vulnerabilities they can quickly monetise. Of course, today's detect-to-protect products such as 'next-gen AV' will fail to detect attacks that leverage this or any other new techniques to breach the endpoint. The only way forward is for organisations to adopt a security posture that isolates all untrusted computation by default making endpoints secure by design. For Bromium customer Valspar, this is vital to the way that they protect their users--and their intellectual property--when their users travel to offshore manufacturing facilities."
Robert Simmons, Director of Research Innovation at ThreatConnect:
"Whether or not this vulnerability turns out to be real or a hoax, all vulnerabilities, 0-day or not, are a problem if systems are not kept up to date with patches. Staying up to date with software and operating system patches is one of the top ways to protect yourself from threats, along with running at least privilege and application whitelisting. We all agree that 0-days are hard to stop, but you can minimise the dwell time if you are proactively hunting for threats like these in your enterprise."
Stephen Gates, chief research analyst at NSFOCUS:
"The global vulnerability/exploit market is ever growing and can be quite profitable. Researchers (and hackers alike) search for vulnerabilities in operating systems and applications. Once a vulnerability is found, those that discover it work tirelessly to determine if it can be exploited locally or remotely.
In this case, the Windows vulnerability appears to allow local privilege escalation. What this means is that an attacker can escalate their privilege from "user" to "administrator" on any Windows machine that they have local access to. Privilege escalation is a critical component to compromising and maintaining access to infected machines; allowing an Advanced Persistent Threat to exist.
If hackers find a way to bundle this with a Remote Code Execution (RCE) exploit, that changes the equation significantly. RCE exploits do not require local access to the machine and systems can be exploited from anywhere in the world.
The person that found the vulnerability is not breaking the law by selling the vulnerability and associated exploit online. Although their ethics are certainly in question. Ninety grand goes a long way and in this case, money wins over ethics. I would imagine that, if the vulnerability and exploit can be verified, Microsoft will likely buy it."
|Title Annotation:||DATABASE AND NETWORK INTELLIGENCE|
|Publication:||Database and Network Journal|
|Date:||Jun 1, 2016|