Recent News - ESET discovers Windows exploit used in a highly targeted attack


2019-07-10

BRATISLAVA – ESET researchers have recently discovered and analyzed a zero-day exploit deployed in a highly targeted attack in Eastern Europe. The exploit used a local privilege escalation vulnerability in Microsoft Windows. ESET immediately reported the issue to the Microsoft Security Response Center, which fixed the vulnerability and released a patch.

The exploit only has impact on limited versions of Windows, because in Windows 8 and later versions, a user process is not allowed to map the NULL page, which is required for the attack in question to be launched and successful.

This specific Windows win32k.sys vulnerability, like others, uses the pop-up menu for deployment. “For example, the Sednit group’s local privilege escalation exploit we analyzed in 2017 used menu objects and exploitation techniques, which are very similar to the current exploit,” explains ESET Researcher Anton Cherepanov, who discovered the latest exploit. 

The vulnerability (CVE-2019-1132) affects: Windows 7 for 32-bit Systems Service Pack 1; Windows 7 for x64-Based Systems Service Pack 1; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for Itanium-Based Systems Service Pack 2; Windows Server 2008 for x64-Based Systems Service Pack 2; Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1; and Windows Server 2008 R2 for x64-Based Systems Service Pack 1. Windows XP and Windows Server 2003 are also affected, but these versions are not supported by Microsoft.

“Users who still use Windows 7 Service Pack 1 should consider updating to fresh operating systems, since extended support of Windows 7 Service Pack 1 is going to end on January 14, 2020. Which means that Windows 7 users won’t receive critical security updates,” adds Cherepanov.

For more technical details of the zero-day exploit, read The CVE-2019-1132 vulnerability used in targeted attack on WeLiveSecurity.com. 

 



About Version 2 Limited
 

Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Previous News Next News

Return to the previous page