SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Potential Windows zero-day security exploit worth $90,000 on underground market
Thu, 2nd Jun 2016

A single Windows zero-day vulnerability could be sold amongst the underground cybercrime markets, potentially affecting more than 1.5 billion Windows users, researchers at Trustwave have found.

Although not confirmed, the local privilege escalation (LPE) exploit affects every version of Microsoft Windows, from Windows 2000 up to Windows 10, and could allow cyber criminals to wreak havoc on computers.

The threat comes from hackers' ability to give any Windows user account administrator privileges, opening the way to malicious software installation, network access, changes to user settings and remote control of a computer.

Researchers at Trustwave's SpiderLabs Research stated in a blog post that while zero-day exploits are still rare, they are still worrying.

Although it is difficult to ascertain what such exploits are worth in the underground economy, malware developers are increasingly monetising threat development and selling their work for high prices.

SpiderLabs Research has found examples of underground forums that are collaborative hubs for hiring malware coders, as well as for leasing exploit kits and purchasing web shells and botnets.

SpiderLabs Research recommends:

  • Keeping your software up-to-date. Sometimes LPE exploits are used in conjunction with RCE exploits. If you are patched against the RCE part of the cyber attack, that may lessen the amount of damage a zero-day attack can do.
  • Using a full range of security software to give high protection and prevent weaknesses that could allow attacks to enter the system.
  • Using common sense: don't click suspicious links or open attachments from unknown sources.