Patch issued for critical Windows bug

The two-part Chrome exploit is also associated with Operation WizardOpium

Microsoft has warned users to patch their Windows systems after researchers found that a flaw is being actively exploited in the wild.

The Windows exploit, tagged CVE-2019-1458, has been patched by Microsoft as part of a round of 36 updates across a range of services, and could give attackers higher privileges on compromised machines. Cyber criminals taking advantage of this exploit, moreover, can avoid protection mechanisms in the Google Chrome browser.

The bug has also been connected with a separate Google Chrome exploit that was used in active Operation WizardOpium attacks, as identified by Kaspersky’s SecureList researchers in November. The two-phased attack involved a small portable executable (PE) loader, and then the actual privilege escalation exploit. 

“This type of attack requires vast resources; however, it gives significant advantages to the attackers and as we can see, they are happy to exploit it,” said Kaspersky security expert Anton Ivanov.

“The number of zero-days in the wild continues to grow and this trend is unlikely to go away. Organizations need to rely on the latest threat intelligence available at hand and have protective technologies that can proactively find unknown threats such as zero-day exploits.”

Detailed analysis shows the vulnerability used belongs to the win32.sys driver, and primarily affected Windows 7 machines and a few builds of Windows 10. Not all Windows 10 devices are affected because new OS builds use certain additional protective implement measures.

The exploit, specifically, relates to the window-switching features, for instance, use of Alt-Tab combination. This is why the exploit’s code uses a few WinAPI calls to emulate a key-press.

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory,” the Microsoft Security Research Team said. 

Related Resource

Patch management best practices

Reduce your patch management workload

Download now

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.”

While the flaw is potentially devastating, to be affected, users’ machines must also have been previously compromised by the Google Chrome vulnerability. This flaw was recently addressed, although hackers are still targeting users with unpatched versions of Chrome. 

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021