
SANS ISC InfoSec Forums


Windows WMIObjectBroker 0-Day Exploit
Rohit from TippingPoint advised us that he is seeing a large number of attacks from Russia using an unpatched vulnerability in the WMIObjectBroker ActiveX control. He is seeing it used as part of a drive-by download. Typically, the Trojan "Galopoper.A" is loaded.

There is no patch available at this point. TippingPoint and the Bleeding Threats project have signatures available to detect this attack. Rohit mentioned that there is a Metasploit module for this vulnerability.

Johannes

ISC Handler
Nov 8th 2006
