CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows

We found a design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users.

We’ve worked with Oracle through our Zero Day Initiative to patch this flaw, which has been fixed via Oracle’s October patch update. Users and businesses are accordingly urged to patch and update their version of Java.

In this blog post, we will delve into how this flaw works on Windows: how Java Usage Tracker works and the conditions that enabled the exploit.



October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day

This month’s Patch Tuesday fixes a JET Database Engine vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with proof-of-concept code.



Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads

A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.



New CVE-2018-8373 Exploit Spotted

On September 18, 2018, more than a month after we published a blog post revealing the details of CVE-2018-8373, a use-after-free (UAF) vulnerability that affects the VBScript engine in newer Windows versions, we spotted another exploit that uses the same vulnerability. It's important to note that this exploit doesn't work on systems with updated Internet Explorer versions.



Viro Botnet Ransomware Breaks Through

We have recently observed the Virobot ransomware (detected by Trend Micro as RANSOM_VIBOROT.THIAHAH), which has botnet capabilities, affecting users in the United States.
