Some have referred to the zero-day as bering of “limited impact” as it is a local privilege escalation — which means the hackers have to already be on the machine. But this ignores that hackers often use multiple vulnerabilities in part of a larger attack. For example, vulnerabilities chained together can end up becoming highly significant. Here are some examples:
- Crypto mining malware — which has been labeled as one of the top threats by many in the industry — often uses local privilege escalation
- Ransomware has also been known to use local privilege escalation — and WannaCry is a great example of this
- Industrial control systems operated by Windows machines will often need local privilege escalation so the attacker can manipulate the hardware form the Windows computer. Stuxnet is a great example of this.
Especially due to the popularity of illicit crypto mining, we expect there to be hacker interest in this vulnerability. At CYR3CON, we have found that Windows 10 vulnerabilities are over-represented in hacker discussions. However, as the proof-of-concept exploit can be easily modified for multiple versions of Windows, we can expect the impact to be even greater.
Based on current trends, we can expect to see integration of this vulnerability with various malware platforms. Illicit crypto mining is on an upward trend, so it would make sense to see it used in that type of attack. In time, we may even see Metasploit modules which could enable a variety of attacks.
With the large user base of Windows and the fact that the proof-of-concept code is out before the patch, we can expect to see the engineering efforts by hackers move quickly.
And the hackers don’t have to even weaponize before Microsoft releases a patch — they only need to weaponize before the patch is widely applied.
So the race is on!