This week, Microsoft released Patch Tuesday security updates for March 2019 that address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks.
One of the flaws, tracked as CVE-2019-0808, was disclosed by Google’s Threat Analysis Group after it has observed targeted attacks exploiting the issue alongside a recently addressed flaw in Chrome flaw (CVE-2019-5786).
The second zero-day, tracked as CVE-2019-0797, was reported to Microsoft by experts at Kaspersky Lab, which states the issue has been exploited by several threat actors, including FruityArmor and SandCat APT groups.
FruityArmor is a cyber-espionage group that was first observed in 2016 while targeting activists, researchers, and individuals related to government organizations in Thailand, Iran, Algeria, Yemen, Saudi Arabia,
In October 2018, FruityArmor exploited another Windows zero-day in targeted attacks aimed at entities in the Middle East.
The SandCat APT was discovered by Kaspersky Lab at the end of 2018 when the group used a flaw (CVE-2018-8611) addressed with security updates released by Microsoft in December.
The CVE-2018-8611 is a race condition that resides in the Kernel Transaction Manager, and most interesting, it could be used to escape the sandbox of the Chrome and Edge web browsers.
The vulnerability was reported to Microsoft by Kaspersky Lab that in two months reported other two Windows zero-days, CVE-2018-8453 and CVE-2018-8589, respectively exploited by FruityArmor and multiple threat actors in attacks mostly aimed at the Middle East.
SandCat was also using the FinFisher/FinSpy spyware and the
“In addition to CVE-2019-0797 and
At the time of writing, Kaspersky Lab does not have any information about the targets of the attacks involving the
The CVE-2019-0797 vulnerability is the fourth zero-day vulnerability actively exploited in recent months by Kaspersky.
(SecurityAffairs – CVE-2019-0797, hacking)