FruityArmor, SandCat Threat Groups Exploited Windows Zero-Day

One of the zero-day flaws Microsoft patched this week has been exploited in targeted attacks by several threat groups, including the ones tracked as FruityArmor and SandCat, Kaspersky Lab revealed on Wednesday.

Microsoft's latest round of patches fixes two Windows zero-day vulnerabilities that allow attackers to escalate privileges. One of them, CVE-2019-0808, was reported to Microsoft by Google's Threat Analysis Group, which observed it being exploited in targeted attacks alongside a Chrome zero-day. The second, tracked as CVE-2019-0797, was reported to Microsoft by Kaspersky Lab, which believes the flaw has been exploited by several threat actors, including SandCat and FruityArmor.

FruityArmor has been known for several years. The group has been active since at least 2016, when it used a different Windows zero-day vulnerability to launch attacks on activists, researchers and individuals associated with government organizations in Saudi Arabia, Thailand, Algeria, Iran, Yemen and Sweden. More recently, FruityArmor exploited a Windows zero-day in attacks aimed at entities in the Middle East; Microsoft fixed that flaw with its October 2018 updates.

SandCat, on the other hand, is a group that Kaspersky discovered more recently. One of the Windows flaws Microsoft fixed in December had been exploited by both SandCat and FruityArmor in attacks targeting the Middle East and Africa. SandCat has been using FinSpy/FinFisher spyware and CHAINSHOT, a piece of malware analyzed in 2018 by Palo Alto Networks. The group has also used the CVE-2018-8611 and CVE-2018-8589 Windows flaws in its attacks, both of which had zero-day status when Microsoft released patches for them.

Anton Ivanov, security researcher at Kaspersky Lab, told the press that the company has no details on the goals of the attacks involving the new Windows zero-day, CVE-2019-0797. Kaspersky said it notified Microsoft of the security hole, which it described as a race condition in the Win32k driver, on February 22. The security firm has analyzed a piece of malware that exploits CVE-2019-0797 on devices running 64-bit versions of Windows 8 through Windows 10.

It's worth noting that CVE-2019-0797 is the fourth actively exploited Windows vulnerability discovered in recent months by Kaspersky.
