Patch issued for critical Windows bug

The two-part Chrome exploit is also associated with Operation WizardOpium

Microsoft has warned users to patch their Windows systems after researchers found that a flaw is being actively exploited in the wild.

The Windows exploit, tagged CVE-2019-1458, has been patched by Microsoft as part of a round of 36 updates across a range of services, and could give attackers higher privileges on compromised machines. Cyber criminals taking advantage of this exploit, moreover, can avoid protection mechanisms in the Google Chrome browser.

The bug has also been connected with a separate Google Chrome exploit that was used in active Operation WizardOpium attacks, as identified by Kaspersky’s SecureList researchers in November. The two-phased attack involved a small portable executable (PE) loader, and then the actual privilege escalation exploit. 

“This type of attack requires vast resources; however, it gives significant advantages to the attackers and as we can see, they are happy to exploit it,” said Kaspersky security expert Anton Ivanov.

“The number of zero-days in the wild continues to grow and this trend is unlikely to go away. Organizations need to rely on the latest threat intelligence available at hand and have protective technologies that can proactively find unknown threats such as zero-day exploits.”

Detailed analysis shows the vulnerability used belongs to the win32.sys driver, and primarily affected Windows 7 machines and a few builds of Windows 10. Not all Windows 10 devices are affected because new OS builds use certain additional protective implement measures.

The exploit, specifically, relates to the window-switching features, for instance, use of Alt-Tab combination. This is why the exploit’s code uses a few WinAPI calls to emulate a key-press.

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory,” the Microsoft Security Research Team said. 

Related Resource

Patch management best practices

Reduce your patch management workload

Download now

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.”

While the flaw is potentially devastating, to be affected, users’ machines must also have been previously compromised by the Google Chrome vulnerability. This flaw was recently addressed, although hackers are still targeting users with unpatched versions of Chrome. 

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021