The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities
source https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html
source https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html