Exploit Windows in a highly targeted attack

The of ESET recently discovered and analyzed an exploit for an "0day" attack technique in a highly targeted Eastern European attack.

The exploit was based on the use of a Local Privilege Escalation (LPE) vulnerability in the Microsoft Windows operating system. ESET immediately reported the issue to the Microsoft Security Response Center, which in turn fixed the vulnerability and issued a patch.

Feat

Only some limited versions of Windows are affected by this exploit, as in Windows 8 and in later versions, a user process can not connect to a NULL page, a parameter that is required to initiate and succeed the attack.

This vulnerability of Windows Win32k.sys, like the others, uses the popup menu.

“For example, in the LPE attack by exploiting the Sednit team that we analyzed 2017 menu items and exploitation techniques were used, much like the current exploit, ”explains ESET researcher Anton Cherepanov, who discovered the recent vulnerability.

The vulnerability (CVE-2019-1132) affects the following operating systems: Windows 7 1 for 32-bit systems, Windows 7 Service Pack 1 for x64 edition systems, Windows 2008 Service Pack 2 for 32-bit systems, Windows Server 2008 Service Pack 2 for Itanium-based systems, Windows Server 2008 Service Pack 2 for x64-based systems, Windows Server 2008 R2 Service Pack 1 for Itanium-based systems, and Windows Server 2008 R2 Service Pack 1 for x64 version systems.

They are also affected and Windows Server 2003, but these versions are not supported by Microsoft.

"Users still using Windows 7 Service Pack 1 should consider upgrading to new operating systems, as the extensive του Windows 7 Service Pack 1 πρόκειται να λήξει στις 14 Ιανουαρίου 2020. Αυτό σημαίνει ότι οι χρήστες των Windows 7 δεν θα λαμβάνουν κρίσιμες ενημερώσεις ασφαλείας” προσθέτει ο Cherepanov.

More technical details about the "0day" exploit can be found in the article The CVE-2019-1132 vulnerability used in targeted attack at WeLiveSecurity.com.

_________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).