CVE-2018-8639 is a vulnerability that was identified in October 2018. It affects all versions of Microsoft Windows, from Windows 7 through to Windows 10, as well as Windows Server 2008 and 2012. The vulnerability is caused by a flaw in the way that Windows handles certain files. Specifically, it arises due to an error in the Windows kernel that fails to properly handle memory objects. This allows an attacker to execute arbitrary code on a targeted system, potentially giving them complete control over the system.
The CVE-2018-8639 vulnerability was initially discovered by security researchers at Kaspersky Lab. They reported the vulnerability to Microsoft, who subsequently released a patch to address the issue. However, because the vulnerability had already been exploited in the wild by cybercriminals, Microsoft also issued an emergency patch outside their normal monthly "Patch Tuesday" cycle.
The exploitation of the CVE-2018-8639 vulnerability was associated with a hacking group known as FruityArmor. This group was thought to be operating out of the Middle East and was primarily targeting government organizations in the region. Their use of this vulnerability was notable because it allowed them to bypass security measures such as ASLR (Address Space Layout Randomization), which had previously been considered an effective defense against certain types of attacks.