A single Windows zero-day vulnerability could be sold amongst the underground cybercrime markets, potentially affecting more than 1.5 billion Windows users, researchers at Trustwave have found.
Although not confirmed, the local privilege escalation (LPE) exploit affects every version of Microsoft Windows, from Windows 2000 up to Windows 10 and could allow cyber criminals to wreak havoc on computers.
The threats come from the ability for hackers to give any Windows user accounts administrator privilege, thus allowing access to potential areas such as malicious software installation, network access, user settings and remote control of a computer.
Researchers at Trustwave's Spiderlabs Research stated in a blog that while zero-exploits are still rare, they are still worrying.
Although it is difficult to ascertain the kind of prices they are worth in the underground economy, but malware developers are increasingly monetising threat development and selling them for high prices.
Spiderlabs Research has found examples of underground forums that are collaborative hubs to hire malware coders, as well as leasing exploit kits and purchasing web shells and bot nets. the purchase of web shells or botnets.
Spiderlabs Research recommends: