Zero-day vulnerability in Windows

Our Bureau Hyderabad | Updated on December 23, 2019 Published on December 23, 2019

Cyber security experts have found a zero-day vulnerability in Windows, allowing attackers to gain higher privileges on the target machine and dodging protection mechanisms in the Google Chrome browser. The newly discovered exploit was used in the malicious WizardOpium operation.

A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it is exploited before a fix becomes available from its creator. Zero-day vulnerabilities are basically bugs in software, which leaves the doors open for cyber criminals to break into the system.

“The newly discovered Windows zero-day elevation of privileges (EoP) exploit (CVE-2019-1458) was embedded into a previously discovered Google Chrome exploit. It was used to gain higher privileges in the infected machine as well as to escape the Chrome process sandbox – a component built to protect the browser and the victim’s computer from malicious attacks,” a Kaspersky executive said.

The vulnerability could be tapped on the latest patched versions of Windows 7 and even on a few builds of Windows 10. New versions of Windows 10 have not been affected, though.

“This type of attack requires vast resources; however, it gives significant advantages to the attackers,” Anton Ivanov, security expert at Kaspersky, has said.

The vulnerability was reported to Microsoft and patched on December 10, 2019.

How to fix

Windows users will require to install Microsoft’s patch for the new vulnerability at the earliest to keep tabs on the hackers. Besides patching the vulnerability, users are should also update all other software installed on a system.

Kaspersky also ask the users to try out sandbox technology tools to analyse suspicious objects.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on December 23, 2019
This article is closed for comments.
Please Email the Editor