Zero-day for Windows OS all Versions Available at $90K

Trustwave the security company has found one critical zero-day vulnerability affecting Windows as it's available on the illegal marketplace for cyber-crime at USD90,000. The company's SpiderLabs security investigators unearthed one post on the secret illegal websites in which a cyber-criminal asserts he has this vulnerability that is capable of impacting nearly all Windows computers.

In case what that criminal asserts is true then the LPE (local privilege escalation) flaw is present within every edition of Windows operating system beginning with Windows 2000, with a potential effect on more than 1.5bn Windows operators.

The cyber-criminal going by the handle BuggiCorp further posted on the underground forums twin YouTube videos showing how the 0-day works. The first video depicts the privileges being escalated for one app within Windows 10 while most up-to-date security patch of May 2016 is installed. The second video shows how the hacker's exploit evades each and every security product present inside the most recent edition of Microsoft's toolkit called EMET.

Hackers' key platform for business is the dark-net. According to Trustwave, there's even been a change in the business prototype in this region. The secret illegal economy has been growing exponentially. Cyber-crooks in an organized way are putting efforts on the Internet on an unprecedented large scale. They're evolving their methodologies as well as strategies tremendously by cashing in on private forums that remain anonymous; anonymous networks; and crypto-currencies. Itwire.com posted this, June 1, 2016.

Nevertheless, detecting any 0-day mentioned in between such pretty frequent offerings is a glitch, thus showing how 0-days escape the shadows while quickly become a masses' commodity, imposing disturbance, surely.

In summary Trustwave states, there are bugs in all software products. This' key assumption any individual makes while handling codes - software developer or security professional. Trustwave's SpiderLabs and Microsoft have worked together spanning many years, while the security company knows very closely what enormous efforts Microsoft puts for preventing 0-days such as adopting independent investigation along with bug bounty schemes and/or setting up MAPP program while maintaining in their patching procedure complete transparency. Unfortunately, it only sometimes happens when crooks rather than security professionals first discover those bugs.

» SPAMfighter News - 6/7/2016