Red Security

APT Hackers Group Exploiting the Windows OS Using New Zero Day


A zero-day in the Windows OS is currently being exploited in the wild, and aspiring APT groups have been hot on its trail. A fairly new APT group, designated "SandCat", has been utilizing the zero-day for quite some time. This group was originally observed engaging in activity in 2018, but according to speculation, they may have been around for some time.

The zero-day, designated CVE-2019-0797, is a vulnerability located in the win32k driver, caused by improper synchronization between two undocumented syscalls.

Researchers from Kaspersky Labs had this to say in regards to the zero-day:

“The problem lies in the fact that when the syscalls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection are executed simultaneously, the function DiscardAllCompositionFrames may be executed at a time when the NtDCompositionDiscardFrame syscall is already looking for a frame to release or has already found it. This condition leads to a use-after-free scenario.”

Microsoft has urged all Windows users to update their systems with the latest patch for this vulnerability.

The original article can be found here.


That was the news, folks. Have a good week, and stay safe out there.


--Mad-Architect