Zero-Day Selling for $90,000 and potentially targeting 1.5 billion Windows Users - expert comments
June 2016 by Marc Jacob
Security researchers have discovered a Windows zero-day vulnerability that is going for $90,000 on the underground cyber crime market. A post from a cyber criminal on an underground forum, claims to have this vulnerability which could affect almost all Windows users. If the claims are true, the local privilege escalation vulnerability exists in all versions of Microsoft Windows OS starting from Windows 2000, potentially impacting over 1.5 billion Windows users.
If exploited, the vulnerability allows attackers to upgrade any Windows user level account to an administrator account, giving them access to install malicious software, gain access to other machines, change user settings and an array of other potentially damaging acts. Brian Krebs has also blogged on this vulnerability.