On Monday (August 27, 2018) a Local Privilege Escalation (LPE) 0-day was released which reportedly affects Windows 10 and Server 2016, at a minimum. We investigated this to understand the vulnerability, the current Proof of Concept (PoC) exploit, and wanted to write it up in terms which explain the actual risk to organizations.
One of the things that is important to us at GRIMM is making sure there is time to experiment, and explore new ways of approaching problems. We want to answer the big questions like “How can we find vulnerabilities that other tools and manual analysis has overlooked?” This is what we are passionate about. So when one of our engineers has an idea for a new fuzzer, we try to make time for them to put their idea to the test.
Within the context of historical cyber breaches, this can be classified as a massive attack: Equifax, one of the “big three” credit-rating agencies, announced earlier this month thathackers gained access to the Social Security numbers, credit card data, driver’s licenses, home addresses and other personally identifiable information (PII) of up to 143 million Americans. Some two-dozen class-action lawsuits (and counting?) followed, along with stinging criticism from consumer groups and congressional leaders.