June 2, 2016

Everyone affected: A vulnerability in all versions of Windows since Windows 2000 may have been found


Threatpost reports that hackers may have discovered a huge zero-day vulnerability affecting any Windows machine, from the antique Windows 2000 through the latest fully patched Windows 10. An exploit for it already exists, and its creators are willing to sell it for $90,000.

According to Threatpost, this zero-day exploit looks legitimate. Its effectiveness is almost impossible to ascertain without actually buying the exploit, but there is a multitude of strong, if indirect, indicators of the existence of both the flaw and a working exploit for it. Among them is a video showing the exploit successfully bypassing all of Microsoft Windows’ Enhanced Mitigation Experience Toolkit (EMET) protections for the latest version of Windows. Another video shows a fully updated Windows 10 machine being exploited successfully by means of elevating the cmd.exe process to the System account.

It seems likely that any serious APT actor or a major cybergang would be eager to own such a tool. However, the exploit has been on sale since at least May 11 (at least, that was the day security experts at Trustwave discovered it), and its price has already dropped from $95K to $90K.

Microsoft has spoken out, publicly acknowledging the existence of the zero-day-exploit listing, but the company has stressed that it cannot verify the authenticity of the claim. Apparently this story is “to be continued.”

We may be seeing a new major cybersecurity alert, one similar in scale to Heartbleed and Shellshock: if the flaw is confirmed, nearly all Windows boxes currently in use may be at risk, because the exploit gives attackers admin rights. On the other hand, it still may be a hoax — but, of course, that is rather wishful thinking.

All details known so far are available at Threatpost.