A new Windows vulnerability affects versions 8 and 10

The flaw is being exploited by at least two malicious actors; users are encouraged to install updates as soon as they are.

The most recent Microsoft weekly update package focused on two relevant vulnerabilities, according to network security and ethical hacking experts from the International Institute of Cyber Security. First, a fix was released for a flaw that, used in conjunction with a Google Chrome exploit, could allow hackers to take control of a Windows system prior to version 10.

Second, a vulnerability that has apparently
been exploited by at least two malicious hacker groups has been patched.

The vulnerability is exploitable in Windows
operating system versions between 8 and 10 and, according to network security
experts, abuses the Windows graphical subsystem to perform a local privilege
escalation. If the attack is successful, hackers could take full control of the
victim’s machine.

“Last month we detected an attempt to
exploit a new vulnerability in Microsoft Windows; subsequent analyses led to
the discovery of a zero-day exploit in win32k.sys”, network security
experts who reported the vulnerability mentioned. “The vulnerability,
tracked as CVE-2019-0797, is a
condition present in the win32k driver that exists due to inadequate
synchronization between NtDCompositionDiscardFrame and NtDCompositionDestroyConnection”,
the experts added.

As for its exploitation, the specialists
believe that the vulnerability has been exploited mainly by two groups of
malicious hackers, FruityArmor and SandCat. FruityArmor has been active for
about three years, exploiting zero-day vulnerabilities against some government
organizations. SandCat, on the other hand, is a group recently identified by
some cybersecurity firms and agencies.

Microsoft announced the release of an update
patch after receiving the vulnerability report. The company took advantage of
the patch’s announcement to recommend that its users install the updates as
soon as possible; it also recommends that users follow up on the scheduled
updates. “Updates that companies like Microsoft launch regularly are one
of the most elementary protection measures against exploiting vulnerabilities”,
the specialists mention.

Users must also remain alert to any new report
on zero-day vulnerabilities. Windows operating system users, whether
individuals or business customers, should be sure to implement the appropriate
security measures for their systems, such as unique passwords and multi-factor
authentication.
