Windows 10 zero day selling for $90,000
Priv esc exploit makes hackers admin from Windows 2000 and up
A Windows zero day vulnerability granting hackers deeper access to compromised machines is being sold for US$90,000 (£62,167, A$124,348).
The local privilege escalation vulnerability is being sold on crime forum exploit.in and promises to help attackers who already have access to hacked machines.
Seller BuggiCorp claims in a sales thread and proof-of-concept videos that the local privilege escalation works on Windows systems from version 2000 to the considerably more secure 10.
It works in the presence of Microsoft's lauded enhanced mitigation toolkit which introduces many security features baked into Windows 10 to older platforms.
Researchers from Trustwave's Spiderlabs team, who found the thread, say the seller is likely legitimate since they're using exploit.in's escrow system. This holds money until both transaction parties are happy.
"It seems the seller has put in the effort to present himself/herself as a trustworthy seller with a valid offering," the team says.
"One of the main indicators for this is the fact that the seller insists on conducting the deal using the forum's admin as the escrow.
"We don't have many public records of what the price of such exploit should be … [it] seems on the high end but still within a realistic price range, especially considering the return on investment criminals are likely to make using this exploit in any campaign."
Indeed it would be loose change for the organised crime groups that pop millions of machines with well-oiled campaigns often using either off-the-shelf exploit kits, or custom modular malware.
The seller's videos demonstrate the zero day working on a Windows 10 machine elevating the cmd.exe process to the system -level privilege account. In practise this would allow a hacker with access to an enterprise computer using a staffer's unprivileged account to gain god-mode rights.
A recent attack demonstrated how a similar local privilege escalation vulnerability was used to gain persistence on Windows point of sales machines to steal credit cards.
The videos were recorded on Microsoft's patch Tuesday ensuring it will work for the longest possible time unless Redmond issues an expensive emergency fix. ®