Abstract

Momigari: Overview of the Latest Windows OS Kernel Exploits - Boris Larin and Anton Ivanov
Momigari (red leaf hunting) is the Japanese tradition of searching for the most beautiful leaves in autumn.

In the space of just one month in the autumn of 2018, we found a number of zero-day exploits in the wild for the Microsoft Windows operating system. Two of them were for the newest and fully updated Windows 10 RS4, which until then had no known memory corruption exploits.

We also uncovered exploits for vulnerabilities that had been unintentionally fixed by security updates, but which had been unpatched zero-days for a long time before that. These findings show that exploit writers continue to find new ways to reliably exploit unstable vulnerabilities and to bypass modern mitigation techniques on the most secure operating system.

The most interesting thing is that many of these exploits are related. This suggests that the masterminds behind them are not afraid of wasting a number of zero-days at a time because their armory is full.

In this presentation, we will look at multiple local privilege escalation exploits actively used in the wild and tied into a single framework that was not previously known.

This advanced framework shows signs of maturity: the shellcodes used in the exploits reveal the highest standards of code development and a deep technical knowledge of the inner workings of the Windows OS.