The flaw requires being combined with a Chrome browser exploit
Network security and ethical hacking specialists from the International Institute of Cyber Security recommend Windows operating system users to upgrade to version 10 to protect against a critical vulnerability that has already been exploited in the wild.
Unidentified threat actors have combined an unpatched local privilege escalation exploit on Windows with one for a Chrome browser security vulnerability, recently corrected.
Google network security experts publicly revealed this vulnerability: “according to our policies, we reveal the existence of this critical error that has already been exploited actively”, mentions the announcement of the Threat Analysis Group of the company. “This vulnerability can be exploited to elevate privileges or it can be combined with another exploit to bypass security sandbox environments”.
The vulnerability gives attackers a way to break the security spaces that Chrome and other browsers use to prevent malicious code from interacting with sensitive parts of an operating system. The attackers combined an exploit for this vulnerability with the CVE-2019-5786 flaw, report network security experts.
Microsoft officials did not mention an estimated date to launch the correction of this vulnerability, or if they plan to announce a temporary mitigation. A company spokesperson simply declared: “Microsoft has the client’s commitment to investigating the reported security issues and proactively updating as soon as possible”.
Network security experts defined this vulnerability as something new: “This new vulnerability is different because the initial string focused directly on the Chrome code and required the user to restart the browser after downloading the Update. Downloading the update is an automatic action, but users must manually restart the browser.
The value of a privilege escalation vulnerability grows as the effectiveness of security tools like sandboxes environments grows. There are no reports that the unpatched Windows vulnerability is being used in combination with other vulnerabilities, but given its effectiveness, it would not be surprising that this would happen in the future.
Experts say the best way to protect against this vulnerability is by upgrading the Windows system to version 10.