ESET: A Windows vulnerability used to launch highly targeted attacks

ESET researchers recently discovered a zero-day (0-day) exploit that was used to launch highly targeted cyberattacks in Eastern Europe. The exploit targets a local privilege escalation vulnerability in Microsoft Windows. The company said in a statement yesterday that it immediately reported the issue to the Microsoft Security Response Center, which fixed the vulnerability and released a patch.

The company noted that the exploit only works on a limited set of Windows versions, because from Windows 8 onward a user-mode process is not allowed to map the NULL page, which the exploit requires in order to succeed.

The vulnerability in Win32k.sys is exploited through pop-up menu objects. "The local privilege escalation exploit of the Sednit group, which we analyzed in 2017, used menu objects and exploitation methods that are very similar to the current exploit," said Anton Cherepanov, a researcher at ESET.

The CVE-2019-1132 vulnerability affects the following operating system versions: Windows 7 for 32-bit Systems SP1, Windows 7 for x64-based Systems SP1, Windows Server 2008 for 32-bit Systems SP1, Windows Server 2008 for Itanium-based Systems SP1, Windows Server 2008 for x64-based Systems SP1, Windows Server 2008 R2 for Itanium-based Systems SP1 and Windows Server 2008 R2 for x64-based Systems SP1, as well as Windows XP and Windows Server 2003, although these last two versions are no longer supported by Microsoft.

"Users of Windows 7 SP1 should consider upgrading their operating systems, because extended support for this system will end on January 14, 2020, which means that users will no longer receive important security updates," he added.

ref: emara