
Russian hackers exploit Windows and Flash vulnerabilities


FireEye has uncovered new zero-day exploits in both Adobe Flash and Microsoft Windows that are likely to have been used by a widespread Russian cyber espionage campaign.

Both exploits were outlined by FireEye over the weekend in a report that accuses APT28, an advanced persistent threat (APT) group operating out of Russia, of exploiting the two vulnerabilities.

Attackers can take advantage of the Flash exploit (CVE-2015-3043) when a victim clicks on a link to a malicious website controlled by the attackers. Once the victim is on the site, an HTML/JS launcher page serves the Flash exploit, which triggers CVE-2015-3043, executes shellcode and runs an executable payload on the Windows system. That payload then triggers the previously unreported Windows flaw, CVE-2015-1701, which is able to steal system tokens.

The Windows flaw is a local privilege escalation vulnerability: the exploit registers a callback that uses the flaw to steal data from the System process, then executes code with the escalated privileges. Attackers can then modify the stolen system token so that it carries exactly the same privileges as the System process.

Is there a fix?

FireEye first reported on APT28 back in October and has linked the current campaign to the group by noting that the exploit delivers malware variants similar to the APT28 backdoors from malware families the group has used in the past.

Microsoft is currently working on a fix for the Windows vulnerability, which does not affect Windows 8 or later, and Adobe Flash users should update to the newest version of the software to prevent any problems arising.
