SoylentNews is people
SoylentNews is powered by your submissions, so send in your scoop. Only 14 submissions in the queue.
SoylentNews
Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week.
Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers.
Ivanov's analysis reveals a hacking group dubbed FruityArmor was exploiting the vulnerability in chained attacks, using a True Type Font to trigger the bug.
[...] The attack saw browser sandboxes broken and higher privileges attained before a second payload executed with the newly-acquired higher access privileges.
Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.
This discussion has been archived.
No new comments can be posted.
FruityArmor Hacking Group Juiced by Microsoft's October Patch Parade
|
Log In/Create an Account
| Top
| 13 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
You will forget that you ever knew me.
(Score: 2) by Runaway1956 on Sunday October 23 2016, @03:07AM
We need to open up staff positions to AC. Go ahead, PM the staff and tell them that you want in!
(Score: 0) by Anonymous Coward on Sunday October 23 2016, @03:45AM
Not a bad idea. Run a system like pipedot pipe voting to cull the crap.