How much does a Windows zero-day exploit that affects all versions of the Windows operating system cost on the black market?
It’s $95,000, at least, for the one recently spotted by security researchers.
Researchers from Trustwave’s SpiderLabs team have uncovered a zero-day exploit on the Russian underground malware forum exploit.in, affecting all versions of Microsoft Windows OS from Windows 2000 all the way up to a fully patched version of Windows 10.
The zero-day exploit for the previously unknown vulnerability in "every version" of Windows is being openly sold for $90,000 (over £62,000).
The security team originally discovered the zero-day exploit last month when the firm saw its ad on a Russian hacking forum for $95,000. However, the price has now been dropped to $90,000.
The zero-day vulnerability in question is claimed to be a Local Privilege Escalation (LPE) bug in Windows that offers admin access to run malicious code on a victim’s PC. It is less dangerous than Remote Code Execution flaws, which allow attackers to compromise systems remotely.
In other words, the zero-day exploit by itself will not be able to compromise a system but, as Trustwave explained, it would nonetheless be used in almost any scenario as "a very much needed puzzle piece in the overall infection process."
The seller, who goes by the name "BuggiCorp," claims the flaw is located in the win32k.sys kernel driver and exists in the way Windows handles objects "with certain properties," saying:
"The exploit successfully escapes from ILL/appcontainer (LOW), bypassing (more precisely: doesn’t get affected at all [by]) all existing protection mechanisms such as ASLR, DEP, SMEP, etc. [The zero-day exploit] relies solely on the KERNEL32 and USER32 libraries [DLLs]."
Additional capabilities of the zero-day exploit include installing a rootkit, use on POS systems to steal credit card data, limited control over a web server, and installing malware on systems, according to Trustwave.
The author sought to prove the authenticity of his claims by providing two videos of the exploit on YouTube, one of which can be viewed below.
Trustwave alerted Microsoft to the potential Windows exploit.
"Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible," Microsoft said in a statement. "We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide solutions via our current Update Tuesday schedule."