Zero-Day offered for $90K; potentially targeting 1.5 billion Windows users.


Security researchers have discovered a Windows zero-day vulnerability that is going for $90,000 on the underground cyber crime market. In a post on an underground forum, a cyber criminal claims to have this vulnerability, which could affect almost all Windows users. If the claims are true, the local privilege escalation vulnerability exists in all versions of Microsoft Windows OS starting from Windows 2000, potentially impacting over 1.5 billion Windows users.

If exploited, the vulnerability allows attackers to upgrade any Windows user-level account to an administrator account, letting them install malicious software, gain access to other machines, change user settings and carry out an array of other potentially damaging acts. Brian Krebs has also blogged on this vulnerability.

Stephen Gates, chief research intelligence analyst at NSFOCUS, commented: "The global vulnerability/exploit market is ever growing and can be quite profitable. Researchers (and hackers alike) search for vulnerabilities in operating systems and applications. Once a vulnerability is found, those that discover it work tirelessly to determine if it can be exploited locally or remotely.

In this case, the Windows vulnerability appears to allow local privilege escalation. What this means is that an attacker can escalate their...
