ESET discovers Windows 0 day exploit

In News

ESET researchers have recently discovered and analyzed a 0-day exploit deployed in a highly targeted attack in Eastern Europe. The exploit used a local privilege escalation vulnerability in Microsoft Windows. ESET immediately reported the issue to the Microsoft Security Response Center, which fixed the vulnerability and released a patch.

The exploit only has impact on limited versions of Windows, because in Windows 8 and later versions, a user process is not allowed to map the NULL page, which is required for the attack in question to be launched and successful.

This specific Windows win32k.sys vulnerability, like others, uses the pop-up menu for deployment. “For example, the Sednit group’s local privilege escalation exploit we analyzed in 2017 used menu objects and exploitation techniques, which are very similar to the current exploit,” explains ESET Researcher Anton Cherepanov, who discovered the latest exploit.

The vulnerability (CVE-2019-1132) affects: Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-Based Systems Service Pack 1; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for Itanium-Based Systems Service Pack 2; Windows Server 2008 for x64-Based Systems Service Pack 2; Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1; and Windows Server 2008 R2 for x64-Based Systems Service Pack 1. Windows XP and Windows Server 2003 are also affected, but these versions are not supported by Microsoft.

“Users who still use Windows 7 Service Pack 1 should consider updating to fresh operating systems, since extended support of Windows 7 Service Pack 1 is going to end on January 14, 2020. Which means that Windows 7 users won’t receive critical security updates,” adds Cherepanov.

Comments

You may also read!

Kaspersky in partnership with Area9 Lyceum unveils Kaspersky Adaptive Online Training

Kaspersky has unveiled its new Kaspersky Adaptive Online Training, developed in partnership with Area9 Lyceum. The solution generates a

Read More...

SentinelOne chosen as the official cybersecurity provider to Aston Martin Lagonda

SentinelOne has been announced as the official cybersecurity provider to British luxury car manufacturer, Aston Martin Lagonda, deploying the

Read More...

Tenable ranked number one for device vulnerability management for 2019

Tenable, Inc. today announced that it has been ranked #1 for device vulnerability management for 2019 market share in

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu