Patch issued for critical Windows bug

The two-part Chrome exploit is also associated with Operation WizardOpium

Microsoft has warned users to patch their Windows systems after researchers found that a flaw is being actively exploited in the wild.

The Windows exploit, tagged CVE-2019-1458, has been patched by Microsoft as part of a round of 36 updates across a range of services, and could give attackers higher privileges on compromised machines. Cyber criminals taking advantage of this exploit, moreover, can avoid protection mechanisms in the Google Chrome browser.

Advertisement - Article continues below

The bug has also been connected with a separate Google Chrome exploit that was used in active Operation WizardOpium attacks, as identified by Kaspersky’s SecureList researchers in November. The two-phased attack involved a small portable executable (PE) loader, and then the actual privilege escalation exploit. 

“This type of attack requires vast resources; however, it gives significant advantages to the attackers and as we can see, they are happy to exploit it,” said Kaspersky security expert Anton Ivanov.

“The number of zero-days in the wild continues to grow and this trend is unlikely to go away. Organizations need to rely on the latest threat intelligence available at hand and have protective technologies that can proactively find unknown threats such as zero-day exploits.”

Detailed analysis shows the vulnerability used belongs to the win32.sys driver, and primarily affected Windows 7 machines and a few builds of Windows 10. Not all Windows 10 devices are affected because new OS builds use certain additional protective implement measures.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The exploit, specifically, relates to the window-switching features, for instance, use of Alt-Tab combination. This is why the exploit’s code uses a few WinAPI calls to emulate a key-press.

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory,” the Microsoft Security Research Team said. 

Related Resource

Patch management best practices

Reduce your patch management workload

Download now

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.”

While the flaw is potentially devastating, to be affected, users’ machines must also have been previously compromised by the Google Chrome vulnerability. This flaw was recently addressed, although hackers are still targeting users with unpatched versions of Chrome. 

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020