Menu
Cost of a Windows zero-day exploit? This one goes for $90,000

Cost of a Windows zero-day exploit? This one goes for $90,000

The exploit supposedly allows hackers to gain system privileges on a Windows system once they have code execution capabilities

Ever wonder how much an exploit for a previously unknown vulnerability that affects all Windows versions costs on the black market? The answer, according to a recent offer seen on a cybercrime forum, is $90,000.

The offer was observed by researchers from security firm Trustwave on an underground market for Russian-speaking cybercriminals, where users hire malware coders, lease exploit kits, buy access to compromised websites or rent botnets.

Zero-day exploits -- exploits for unpatched vulnerabilities -- are typically used for cyberespionage. Hackers sell them to governments and large corporations, under strict non-disclosure agreements, often through specialized brokers, so it's uncommon to see them traded on cybercrime forums.

While it's hard to prove the authenticity of the offer without actually buying the exploit, there are strong indications that the author's claims are real, the Trustwave researchers said in a blog post.

The author went to great effort to prove that he has what he claims: a local privilege escalation exploit that works on all Windows versions since XP, including Windows Server editions, and bypasses common exploit mitigations like DEP, SMEP and ASLR.

The vulnerability is supposedly located in the win32k.sys kernel driver, which historically has been a source of many privilege escalation flaws. The exploit relies solely on the KERNEL32 and USER32 Windows libraries (DLLs), the seller claims.

The original starting price was $95,000, but it has since dropped to $90,000. For this sum, the exploit author offers the exploit's source code as well as consultation and help integrating it into the buyer's project.

While privilege escalation flaws do not, by themselves, allow the remote compromise of a computer system, they're still an important part of most attack chains. Many applications now run with limited privileges on Windows or have sandboxing mechanisms meant to prevent a full system compromise if an attacker finds and exploits a remote code execution vulnerability in them.

In such environments, attackers need privilege escalation exploits to gain system-level access and take full control of a computer, making them highly valuable. With system privileges attackers can then install rootkits and hide their malicious code from security products for increased stealth and persistence.

In a Windows server environment, a simple SQL or file injection vulnerability in a website can turn into a complete server compromise through such an exploit.

Based on the little data that has leaked into the public domain about exploit prices, $90,000 for a Windows privilege escalation exploit is "on the high end but still within a realistic price range, especially considering the return on investment criminals are likely to make using this exploit in any campaign," the Trustwave researchers said.

Microsoft did not immediately respond to a request for comment.

If the exploit seller's claims are accurate, it's hard to defend against this exploit, especially since a demo video shows the exploit successfully bypassing all the protections enforced by Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

That said, users should make sure that they take the common precautions like keeping their software up-to-date and running a capable security product. This could break a different link in a potential attack chain, such as a remote code execution exploit needed to gain access to the system in the first place.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingWindows

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments