Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero-day vulnerability before Microsoft patched it last week.
Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers.
Ivanov's analysis reveals a hacking group dubbed FruityArmor was exploiting the vulnerability in chained attacks, using a TrueType font to trigger the bug.
[...] The attack saw browser sandboxes broken and higher privileges attained before a second payload executed with the newly-acquired higher access privileges.
Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.
(Score: 2) by janrinok on Sunday October 23 2016, @03:30PM
The op-ed idea has merit but might not be the whole solution. This weekend at least 12 of the approx 32 stories we need to fill the pages are from Arthur. There is nothing the 3 available eds could do to fill those slots if we have to write complete articles from scratch. The output from Arthur is far from ideal, but at least it does identify stories that are roughly in line with our aims and interests. And those editors are only available for a limited time each day - they have their own lives to live too.
We will probably make another bid for editors in the next few weeks. However, they each need individual training by an existing editor. While the job is not difficult and is interesting, getting to grips with the process is time consuming. But we accept that as simply being a part of the job. Although we might train 4 new editors, experience suggests that the likelihood of them all remaining as eds for longer than a couple of months is remote. If we can keep 1 we would be happy, and 2 would make life so much more easy for us. There is an expectation that each would make a contribution on an almost daily basis; this is quite a commitment to give and is even harder to achieve over weekends when people want to do other things.
There are only 4 regular active editors at present which isn't many for 24/7 operating. A few more help when they can depending on other commitments. Of course, you might think that the solution is to only fill part of the day but which part? I'm in Europe, and I'm not going to support a site that is targeted only at our US audience. The full SN team is spread worldwide, as is our community, and everyone wants the opportunity to take part in discussions 'live' rather than look at what was said by any one particular geographic region. With over 6000 members I would hope that a few will be up for the challenge.