Kaspersky Detects a New Security Exploit in Microsoft Windows OS

Kaspersky Detects a New Security Exploit in Windows OS

By using its Automatic Exploit Prevention technology, Kaspersky Lab has detected a series of targeted cyber-attacks.

And here are the technologies:

• Kaspersky Lab’s Automatic Exploit Prevention components inside the company’s security products and behavioral detection engine
• Advanced Sandboxing and the Antimalware engine within the Kaspersky Anti Targeted Attack Platform

These attacks are carried out by new malware using a previously unknown zero-day vulnerability in the Win32k component of the MS Windows operating system. And cybercriminals can use the vulnerability to gain persistent access to victim systems.

One of the most dangerous forms of network threats is the attack via a zero-day vulnerability since it involves exploiting vulnerabilities that have not yet been discovered and fixed.

If this attack is found by threat participators, a zero-day vulnerability can be used to create an exploit that could open the access to a whole system. Besides, in APT attacks, sophisticated actors will widely use this attack scenario.

Kaspersky said in its security analysis report that the vulnerability was performed by the first stage of a malware installer so as to obtain the necessary privileges of persistence on the victim system.

According to the report, the code of the malware was of high quality and the purpose of writing was to reliably use as many different builds of MS Windows as possible, including MS Windows 10 RS4.

The discovered new security exploit in Windows OS was delivered via a PowerShell backdoor to the victims. It is suspected that the actor behind the attack may be concerned with the FruityArmor group since the PowerShell backdoor has exclusively been used by the group in the past.

Since 2016, the cyber-espionage group has been active and targeting various groups across the Middle East.

Kaspersky has notified Microsoft of this threat. Microsoft has patched this vulnerability on October 9 and classified it as an “important” severity marking.

What to Do to Avoid Zero-day Exploits

According to a security expert at Kaspersky Lab, actively monitoring the threat landscape on new exploits is critical when mentioning zero-day vulnerabilities. The purpose of the constant threat intelligence research at Kaspersky Lab is to find new attacks, establish the targets of different cyberthreat actors and learn what malicious technologies these criminals use.

To avoid zero-day exploits, Kaspersky Lab suggests taking technical measures, as shown below:

• Don’t use the software that is recently used in cyber-attacks or known to be vulnerable.
• Use a robust security solution, for example, Kaspersky Endpoint Security for Business that can effectively protect against known and unknown threats including exploits with its behavior-based detection capabilities.
• Ensure that your company has regularly updated the using software to the most recent versions since security products having the capabilities of Patch Management and Vulnerability Assessment may be helpful to automate these processes.

In addition to these three ways, here is one thing you should pay attention to and that is to create a full backup of your Windows operating system or the disk data to protect your computer against from attacks.

To do this, MiniTool ShadowMaker, professional and free backup software will be your good choice. It can help back up files, disk, partition, and the Windows OS with simple clicks. Above all, it supports automatic backup, incremental and differential backup for PC protection.

Final Words

Now, all information about the new security exploit in Windows OS is told to you. Don’t panic. Just try the above-mentioned ways to safeguard your PC to avoid zero-day exploit for Windows.