Channel: BOT24

Paper: Exploiting CVE-2014-4113 on Windows 8.1

On the 14th of October 2014 both CrowdStrike and FireEye published blog posts describing a new zero-day privilege escalation vulnerability on Windows. The CrowdStrike article explains that this new vulnerability was identified in the process of tracking a supposedly highly advanced adversary group named HURRICANE PANDA and has been actively exploited in the wild for at least five months.

The vulnerability was apparently found and reported to Microsoft by both CrowdStrike and FireEye.
It was subsequently fixed by Microsoft in MS14-058. Shortly after, the binaries described in the blog
posts were found in the wild. At the time of this writing there are several good analyses of the
exploit based on those binaries as well as a working Metasploit module which supports all current
32-bit and 64-bit versions of Windows with the exception of Windows 8 and Windows 8.1.

More here: http://www.jodeit.org/research/Exploiting_CVE-2014-4113_on_Windows_8.1.pdf
