A hacker alias BuggiCorp has for sale a zero day that affects all versions of Windows and could allow an attacker to escalate process privileges software to the highest level available in Windows (system).
Security company Trustawave discovered last May that the exploit was being advertised in an underground Russian hacking forum για 90.000 δολάρια. Η τελευταία information in the forum post it was on May 23rd, and raised the starting price to $95.000.
BuggiCorp has released two zero-day live videos on YouTube with a privilege escalation to a fully-updated Windows 10 system in the latest security code update (May 2016). Another video shows the circumvention of all the security features included in the latest version of Microsoft's EMET toolkit.
BuggiCorp declares that it will sell the exploit to only one person, and that the buyer will get the source code, a fully functional demo, a Microsoft Visual Studio 2005 file file, and free future updates for any version of Windows can not to run the exploit.
The vendor makes it very clear that the exploit works on all versions of Windows, which according to Microsoft statistics can affect more than 1,5 billion users.
Η Trustwave however, other experts believe that zero day is overpriced, but that someone will eventually pay for it.
To get an idea of the prices of other hacking tools, here are two examples, from a pricelist of a vendor called Zerodium, and a list of pricing hacking services from a Dell report.
In addition, experts also believe the zero day is not worth as much because it can not be used to infect computers, but only to escalate the privileges of the attacker.
Watch videos:
