An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows server 2008 r2 |
||
microsoft windows 7 - |
||
microsoft windows server 2008 - |
In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added a backdoor to the utility and then distributed it to users through official channels. ASUS was not the only company used by the attackers. Other targets included several gaming companies, a conglomerate holding company and a pharmaceutical company – all located i...
After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. The threat actor is highly skilled and, by all appearances, quite resourceful. We recently discovered some interesting telemetry on this actor, and decided to dig deeper into ScarCruft’s recent activity. This shows that t...
According to KSN: In Q2 2018, Kaspersky Lab detected 1,744,244 malicious installation packages, which is 421,666 packages more than in the previous quarter. Among all the threats detected in Q2 2018, the lion’s share belonged to potentially unwanted RiskTool apps (55.3%); compared to the previous quarter, their share rose by 6 p.p. Members of the RiskTool.AndroidOS.SMSreg family contributed most to this indicator. Second place was taken by Trojan-Dropper threats (13%), whose share fell by 7 p....
EFF wins another privacy battle, ICE chips off AI spy plan
Roundup Here's your guide to this week's infosec news beyond what we've already covered. US Customs won't getting their massive terror predicting system after all. It's reported that America's immigration cops – ICE – have abandoned its call for the development of an artificially intelligent tool that would be able to predict whether a person entering the country was secretly a terrorist, based on social networking activity. We're told it wasn't outcry over human rights or privacy concerns t...
Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP
Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon people's personal information, and so on. Redmond emitted 68 patches alone, 21 rated critical and at least two being actively exploited in the wild. There are browser and kernel patches you should look into first, check out an Office 365 email filter bypass that isn't addressed, then Hyper-V if you're using that, and then the rest. ...