Reference: Advisory #2019-010
Version: 1.0
Affected software: Windows 7 to 10; Windows Server 2008 to 2019
Type: Local privilege escalation
CVE/CVSS: CVE-2019-0859 - CVE Score 7.8
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0859
https://threatpost.com/windows-zero-day-active-exploits/143820/
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This vulnerability is actively exploited in the wild.
This vulnerability was discovered by 2 Kaspersky researchers earlier this year. According to them, it has been actively exploited by APT groups as a zero-day.
An attacker, who needs to already be logged into the system, can run a specially crafted application to exploit this vulnerability. In the observed attacks, a multi-stage sequence allowed the attackers to establish an HTTP reverse shell.
CERT.be recommends that administrators update their Windows systems with the latest available patches. They can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0859