SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    FruityArmor Hacking Group Juiced by Microsoft's October Patch Parade
Date    Sunday October 23 2016, @12:34AM
Author    janrinok
from the stopped-in-their-tracks dept.
https://soylentnews.org/article.pl?sid=16/10/22/1715207

Arthur T Knackerbracket has found the following story:

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero-day vulnerability before Microsoft patched it last week.

Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers.

Ivanov's analysis reveals a hacking group dubbed FruityArmor was exploiting the vulnerability in chained attacks, using a TrueType font to trigger the bug.

[...] The attack saw browser sandboxes broken and higher privileges attained before a second payload executed with the newly-acquired higher access privileges.

Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.


Original Submission

Links

  1. "Arthur T Knackerbracket" - https://soylentnews.org/~Arthur+T+Knackerbracket/
  2. "following story" - http://www.theregister.co.uk/2016/10/21/fruity_hacking_group_loses_zero_day_in_october_patch_parade/
  3. "graphics device interface vulnerability" - http://www.theregister.co.uk/2016/10/11/october_microsoft_patches/
  4. "analysis" - https://securelist.com/blog/research/76396/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/
  5. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=16518
