A vulnerability in Windows that has recently been publicly disclosed and for which no security update from Microsoft is available, is actively attacked, according to antivirus company ESET. An attacker can elevate his rights on the system through the vulnerability.
This allows an attacker to further compromise the system, e.g. when an infected user with restricted privileges is logged in. The vulnerability, including a proof-of-concept exploit, was disclosed by a security researcher on Twitter without any upfront notification to Microsoft. Therefore, there is no patch for the issue. ESET reports that a group of cybercriminals has discovered the vulnerability, and the fact that it hasn’t been patched yet, and now actively exploits the leak.
The first attacks appeared two days after the vulnerability was disclosed. According to antivirus vendors, the attackers haven’t used the exploit as published by the discoverer of the vulnerability, but a lightly customized version. The amount of victims is small and the majority of them are located in Chili, Germany, India, Philippines, Poland, Russia, the United Kingdom, the United States and Ukraine.
Before the new vulnerability in Windows can be exploited, the attackers need to have access to the system. To obtain this, the attackers use emails with malicious attachments.
“This specific campaign targets a limited number of users, but don’t be fooled by that: it shows that cybercriminals also follow the news and work on employing exploits as soon as they are publicly available,” according to ESET on its website.
While Microsoft is working on an update, several workarounds are available. CERT Coordination Center (CERT/CC) of the Carnegie Mellon University lists several on its website. A security company has also developed an unofficial patch.