Windows 10 zero day selling for $90,000

A Windows zero day vulnerability granting hackers deeper access to compromised machines is being sold for US$90,000 (£62,167, A$124,348). The local privilege escalation vulnerability is being sold on crime forum exploit.in and promises to help attackers who already have access to hacked machines. Seller BuggiCorp claims in a …

  1. Anonymous Coward

    I would like to correct a phrase in that article..

    the local privilege escalation works on Windows systems from version 2000 to the considerably more secure 10.

    should be

    the local privilege escalation works on Windows systems from version 2000 to the slightly less unsafe 10, and only then if we consider the rather dramatic ramp up of privacy risks in W10 not a security risk. For the rest it's OK.

    Bootnote: so Win XP is still OK then? :)

    1. Anonymous Coward
      WTF?

      Re: I would like to correct a phrase in that article..

      Why would XP be OK?

  2. Anonymous Coward

    This:

    "unless Redmond issues an expensive emergency fix"

    Why is it expensive???

    The programmers are employed there anyway.

    1. Bronek Kozicki
      Coat

      Re: This:

      It is expensive in terms of programmer hours needed to reverse engineer the hack, then find and fix the bug being exploited. However the most expensive part is usually testing. Normally both programmer hours and test resources are budgeted to current projects, and even though there are teams dedicated to this kind of work, they are normally busy with paying (support) customers.

      Not that I would know much about it.

      1. Anonymous Coward

        Re: This:

        Perhaps MS should employ the VX'ers, they seem to have reverse engineered MS closed code VERY quickly and very successfully.

  3. 0laf

    Who needs a zero day, I can't get my damn laptop to install an update from November.

    In new Win10 land I can't download it and patch it manually, or even easily see the error log.

  4. David Roberts
    WTF?

    Prerequisites?

    You already need access via a compromised system.

    Very much like the old Victorian adverts for an infallible way of killing mice.

    Pay, and receive instructions "First catch your mouse....."

    1. DJV Silver badge

      Re: Prerequisites?

      Reminds me of a story about someone whose garden was plagued by caterpillars who found an advert for a kit that guaranteed it could kill 100% of them. Kit was promptly purchased and, upon arrival, was found to be 2 small blocks of wood labelled A and B, and accompanied by some simple instructions which read: "Place caterpillar on block A, hit with block B."

    2. Anonymous Coward

      Re: Prerequisites?

      Reminds me of the Ebay item promising to cut your phone bills to £0. All you get is a form to send to BT asking them to disconnect your line.

  5. Pirate Dave Silver badge
    Pirate

    Richest company in the world

    Why doesn't Microsoft secretly "buy" this so they know what to patch, then release a patch before someone else releases a live exploit into the wild? I mean, $90k is chump-change to them, but a vulnerability that goes all the way back to Win2k is a possible major disaster for the rest of the world.

    1. Anonymous Coward

      Re: Richest company in the world

      Why doesn't Microsoft secretly "buy" this so they know what to patch, then release a patch before someone else releases a live exploit into the wild?

      Because then every halfwit in the Universe will want to sell them bugs (at present they get them for free).

      That is problematic for two reasons:

      - there are an awful lot of halfwits in the world;

      - it is Windows. No shortage of bugs there;

      - it means spending money rather than earning, and no member of MS board can ever be caught doing that without the Universe collapsing in itself.

      I may have exaggerated slightly in places, but I think this just about covers it.

      1. Jim Mitchell

        Re: Richest company in the world

        Microsoft has a bug bounty program:

        https://technet.microsoft.com/en-us/library/dn425036.aspx

        max payout is $100,000 (US dollars). $100,000 is greater than $90,000, yes, but you can only get it once, then MS fixes the hole (probably). If you "sell" the bug on the black market, you can sell it multiple times.

  6. Aodhhan

    90K for a LOCAL escalation? C'mon.

    Not to mention the fact, you can buy CC numbers for less than $10 each. $90K will go a long way purchasing them without taking the risk of compromising a system and trying to get a local account to escalate.


Biting the hand that feeds IT © 1998–2022