Patch issued for critical Windows bug

The two-part Chrome exploit is also associated with Operation WizardOpium

Microsoft has warned users to patch their Windows systems after researchers found that a flaw is being actively exploited in the wild.

The Windows exploit, tagged CVE-2019-1458, has been patched by Microsoft as part of a round of 36 updates across a range of services, and could give attackers higher privileges on compromised machines. Cyber criminals taking advantage of this exploit, moreover, can avoid protection mechanisms in the Google Chrome browser.

The bug has also been connected with a separate Google Chrome exploit that was used in active Operation WizardOpium attacks, as identified by Kaspersky’s SecureList researchers in November. The two-phased attack involved a small portable executable (PE) loader, and then the actual privilege escalation exploit. 

“This type of attack requires vast resources; however, it gives significant advantages to the attackers and as we can see, they are happy to exploit it,” said Kaspersky security expert Anton Ivanov.

“The number of zero-days in the wild continues to grow and this trend is unlikely to go away. Organizations need to rely on the latest threat intelligence available at hand and have protective technologies that can proactively find unknown threats such as zero-day exploits.”

Detailed analysis shows the vulnerability used belongs to the win32.sys driver, and primarily affected Windows 7 machines and a few builds of Windows 10. Not all Windows 10 devices are affected because new OS builds use certain additional protective implement measures.

The exploit, specifically, relates to the window-switching features, for instance, use of Alt-Tab combination. This is why the exploit’s code uses a few WinAPI calls to emulate a key-press.

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory,” the Microsoft Security Research Team said. 

Related Resource

Patch management best practices

Reduce your patch management workload

Download now

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.”

While the flaw is potentially devastating, to be affected, users’ machines must also have been previously compromised by the Google Chrome vulnerability. This flaw was recently addressed, although hackers are still targeting users with unpatched versions of Chrome. 

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

How Liberty navigated a site relaunch during a pandemic
Sponsored

How Liberty navigated a site relaunch during a pandemic

8 Oct 2020
Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020