Windows 10 is not vulnerable to two zero-day exploits that were discovered in a test PDF document uploaded to VirusTotal by a cybercriminal at the end of March this year. Microsoft also hasn’t detected any attacks that exploit the known vulnerabilities in Windows and Adobe Acrobat Reader, the company writes in a blog post on its website.
Zero-day attacks abuse vulnerabilities for which the vendor has not yet released an update. This makes them very effective and makes it possible to infect many computers in a short time. Most attacks, however, exploit vulnerabilities for which an update is available but has not yet been installed on some computers, often because users and organizations are slow to install updates, especially if they are not automatically downloaded and installed.
At the end of March this year, security researchers from ESET found an alleged test PDF document, uploaded by a cybercriminal, that combined two zero-day vulnerabilities in Adobe Acrobat Reader and Windows. Through the vulnerabilities the attacker could take full control over a victim’s computer. The document was uploaded to Google’s multi-engine online antivirus scanner, VirusTotal, likely because a cybercriminal wanted to test whether the document would be detected as malicious.
“Finding and neutralizing a double zero-day exploit before an attacker had a chance to use it was an amazing result of the great collaboration between ESET, Microsoft, and Adobe security researchers,” Microsoft writes on its website. The company also notes that it hasn’t detected any attacks that abused the exploits.
Microsoft also discovered that the exploit only worked on Windows 7 and Windows Server 2008. Through the exploit, the attacker could escape from the Adobe Acrobat Reader sandbox and execute code with elevated rights on the Windows system. The exploit doesn’t work on Windows 10 systems; according to Microsoft, that is thanks to “platform hardening and exploit mitigations.”
The vulnerabilities in Windows and Adobe Acrobat Reader were patched in May this year.
The company also notes that Windows Defender ATP (Advanced Threat Protection) on Windows 10 would have detected the code as malicious. Currently, ATP is only available for Windows 10, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016, but Microsoft is working on a preview for Windows 7 and Windows 8.1.