The Microsoft Vulnerability That Went Global In One Zero-Day

Dec 23, 2019

Microsoft Windows OS went from 100 to Zero-Day in little to no time on August 27, 2018. Although not many systems were affected, the attack went global. Here is a breakdown of the vulnerability that traveled the world:

What Happened On August 27, 2018

A vulnerability was found that affected Windows 7 through 10 when Advanced Local Procedure Calls (ALPC) were misused. Basically, attackers were able to gain access to the computer they were targeting and take control with full user rights. Then, on August 27, the proof-of-concept code for this attack was posted on the internet, giving the whole world the ability to carry out an attack. As the information traveled, exploitation followed almost immediately.

Patching Couldn’t Come Fast Enough

Just a few days later, the patch for the vulnerability was available on September 2018 Patch Tuesday. But a few days was not fast enough, as hackers caught on quickly and didn’t waste any time. Before you knew it, people from around the world were being exploited on their Microsoft Windows computers.

What You Didn’t Know

What is interesting about this vulnerability is that it was not the only one of its kind to be shared with the public. However, it was the only one that apparently sparked enough interest to be exploited instantly. Despite the fact that three other vulnerabilities were shared around the same time, it seems that the Microsoft vulnerability was the only one to catch the attention of attackers.

Whether a vulnerability is interesting enough for attackers to exploit or not, it is important to eliminate a threat before it becomes an issue. Before you know it, it might be too late.

Written by

Michael Assraf
