The newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat. SandCat is a relatively new APT group that was discovered only recently, researchers say. Both Mideast-focused APTs are choosing their targets selectively, researchers said. The exploit targets 64-bit operating systems ranging from Windows 8 to Windows 10 build 15063, Kaspersky Lab's Boris Larin told Threatpost. The vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Source: https://threatpost.com/sandcat-fruityarmor-exploiting-microsoft-win32k/142751/

