# Dridex leverages known CVEs

Recent analysis of a Dridex sample found two hard-coded references to CVEs, located just below the elevation code used for .sdb abuse.


Internal code references to two known RCE vulnerabilities in Windows.

Probably another method of bypassing UAC, now that Microsoft has patched the .sdb abuse method first noticed in February and noted by CERT-JP.
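A defender-side check for the .sdb abuse mentioned above, added here as an example and not part of the original post: application-compatibility shim databases installed with sdbinst.exe are registered under the AppCompatFlags\InstalledSDB registry key, so enumerating that key (and its WOW6432Node twin) gives a quick inventory to compare against a known baseline. The value names read below (DatabasePath, DatabaseDescription, DatabaseInstallTimeStamp) are the ones normally written by sdbinst; the script assumes it is run with rights to read HKLM.

```powershell
# Added example: inventory custom shim databases registered on this host.
# Assumes the standard InstalledSDB layout written by sdbinst.exe.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB'
)

$installed = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [PSCustomObject]@{
            Guid        = $_.PSChildName
            Path        = $p.DatabasePath
            Description = $p.DatabaseDescription
            # Timestamp is stored as a FILETIME (QWORD); convert when present.
            Installed   = if ($p.DatabaseInstallTimeStamp) {
                              [DateTime]::FromFileTimeUtc([int64]$p.DatabaseInstallTimeStamp)
                          } else { $null }
            # Flag databases whose file is missing or not under the usual AppPatch tree.
            Suspicious  = (-not $p.DatabasePath) -or
                          (-not (Test-Path $p.DatabasePath)) -or
                          ($p.DatabasePath -notmatch '\\AppPatch\\')
        }
    }
}

if (-not $installed) {
    Write-Output 'No custom shim databases registered.'
} else {
    $installed | Sort-Object Installed | Format-Table -AutoSize
}
```

On a clean workstation the InstalledSDB key is usually empty, so any entry at all is worth a look; on hosts where legitimate shims are deployed, compare the GUIDs and install timestamps against the known list rather than treating every row as malicious.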