A hacker going by the nickname BuggiCorp has for sale a zero day that affects all versions of Windows and can allow an attacker to escalate privileges on software processes to the highest level available in Windows (system).
Trustawave security company discovered last May that exploit was being advertised in a Russian base hacking forum for 90.000 dollars. The latest update to the forum's publication was at 23 May, and raised the original price to 95.000 dollars.
Ο BuggiCorp δημοσίευσε δύο βίντεο στο YouTube, που παρουσιάζουν το zero-day σε δράση, με μια κλιμάκωση προνομίων σε ένα πλήρως ενημερώμενο σύστημα με Windows 10 στην τελευταία ενημερωμένη version of the safety code (May 2016). Another video shows the bypassing of all the security features included in the latest version of Microsoft's EMET toolkit.
BuggiCorp declares that it will sell the exploit to only one person, and that the buyer will get the source code, a fully functional demo, a Microsoft Visual Studio 2005 file file, and free future updates for any version of Windows can not to run the exploit.
The vendor makes it very clear that the exploit works on all versions of Windows, which according to Microsoft's statistics can affect over 1,5 billion users.
Trustwave, however, and other experts believe that zero day is overpriced, but that someone will pay it eventually.
To get an idea of the prices of other hacking tools, here are two examples, from a pricelist of a vendor called Zerodium, and a list of pricing hacking services from a Dell report.
In addition, experts also believe the zero day is not worth as much because it can not be used to infect computers, but only to escalate the privileges of the attacker.
Watch videos:
