The flaw is being exploited by at least two malicious actors; users are encouraged to install the updates as soon as they are available. The most recent Microsoft weekly update package focused on two relevant vulnerabilities, according to network security and ethical hacking experts from the International Institute of Cyber Security. First, a fix was released for a flaw that, used in conjunction with a Google Chrome exploit, could allow hackers to take control of a Windows system older than version 10.
Second, a vulnerability that has apparently been exploited by at least two malicious hacker groups has been patched.
The vulnerability is exploitable in Windows operating system versions 8 through 10 and, according to network security experts, abuses the Windows graphical subsystem to perform a local privilege escalation. If the attack succeeds, hackers can take full control of the victim’s machine.
“Last month we detected an attempt to exploit a new vulnerability in Microsoft Windows; subsequent analyses led to the discovery of a zero-day exploit in win32k.sys”, said the network security experts who reported the vulnerability. “The vulnerability, tracked as CVE-2019-0797, is a condition present in the win32k driver that exists due to inadequate synchronization between NtDCompositionDiscardFrame and NtDCompositionDestroyConnection”, the experts added.
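The quote names the bug class (two operations on shared driver state that are not serialized) without showing what it looks like, so the following added example models it in plain C; it is not code from the article, from the researchers or from Microsoft, and `connection_t`, `discard_frame`, `destroy_connection` and the gate harness are hypothetical stand-ins, not win32k internals. A two-stage gate forces the interleaving "check the frame, tear the connection down, then act on the stale check"; releasing memory flips a flag instead of calling `free()` so the stale access is counted rather than corrupting the heap. With `safe == false` the check-then-act sequence is unprotected and one stale access is recorded; with `safe == true` the whole sequence holds the connection lock, the teardown is observed to block on that lock, and no stale access occurs.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

enum { NFRAMES = 4 };

/* Hypothetical per-connection state (not the real driver layout). Releasing a
 * frame or the connection flips a flag instead of free(), so a stale access can
 * be counted deterministically instead of corrupting the heap. */
typedef struct {
    bool frame_live[NFRAMES];
    bool live;
    pthread_mutex_t lock;
    int use_after_free;
} connection_t;

/* Two-stage gate that forces the interleaving "check, destroy, act". */
typedef struct { pthread_mutex_t m; pthread_cond_t c; int stage; } gate_t;

static void gate_reach(gate_t *g, int stage) {
    pthread_mutex_lock(&g->m);
    g->stage = stage;
    pthread_cond_broadcast(&g->c);
    pthread_mutex_unlock(&g->m);
}

static void gate_wait(gate_t *g, int stage) {
    pthread_mutex_lock(&g->m);
    while (g->stage < stage) pthread_cond_wait(&g->c, &g->m);
    pthread_mutex_unlock(&g->m);
}

typedef struct { connection_t *c; gate_t *g; bool safe; bool destroy_blocked; } args_t;

/* Discard one frame. Unsafe: the existence check and the release are not
 * covered by the connection lock, so a teardown can run between them.
 * Safe: the entire check-then-act sequence holds the lock. */
static void *discard_frame(void *p) {
    args_t *a = p; connection_t *c = a->c; int id = 2;
    if (a->safe) pthread_mutex_lock(&c->lock);
    bool present = c->live && c->frame_live[id];   /* check */
    gate_reach(a->g, 1);                            /* open the window */
    gate_wait(a->g, 2);
    if (present) {                                  /* act on the check */
        if (!c->live || !c->frame_live[id]) c->use_after_free++;
        c->frame_live[id] = false;
    }
    if (a->safe) pthread_mutex_unlock(&c->lock);
    return NULL;
}

/* Tear down the connection and every frame it owns. */
static void *destroy_connection(void *p) {
    args_t *a = p; connection_t *c = a->c;
    gate_wait(a->g, 1);                             /* discard has done its check */
    if (a->safe) {
        /* Record that the lock is held by discard, then wait for it properly. */
        a->destroy_blocked = (pthread_mutex_trylock(&c->lock) == EBUSY);
        gate_reach(a->g, 2);
        if (a->destroy_blocked) pthread_mutex_lock(&c->lock);
    }
    for (int i = 0; i < NFRAMES; i++) c->frame_live[i] = false;
    c->live = false;
    if (a->safe) pthread_mutex_unlock(&c->lock);
    else gate_reach(a->g, 2);                       /* teardown ran inside the window */
    return NULL;
}

/* Run one forced interleaving; returns the number of stale accesses observed
 * and, optionally, whether the teardown was serialized behind the lock. */
int run_race(bool safe, bool *destroy_blocked) {
    connection_t c = { .live = true, .lock = PTHREAD_MUTEX_INITIALIZER, .use_after_free = 0 };
    for (int i = 0; i < NFRAMES; i++) c.frame_live[i] = true;
    gate_t g = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0 };
    args_t a = { &c, &g, safe, false };
    pthread_t t1, t2;
    pthread_create(&t1, NULL, destroy_connection, &a);
    pthread_create(&t2, NULL, discard_frame, &a);
    pthread_join(t1, NULL);
    pthread_join(t2, NULL);
    if (destroy_blocked) *destroy_blocked = a.destroy_blocked;
    return c.use_after_free;
}

int main(void) {
    bool blocked = false;
    printf("unsafe: stale accesses = %d\n", run_race(false, NULL));
    printf("safe:   stale accesses = %d, teardown serialized = %s\n",
           run_race(true, &blocked), blocked ? "yes" : "no");
    return 0;
}
```

The defensive point is the shape of the fix, not the model: the check and the action on a shared object must execute under the same lock (or the object must be reference-counted so teardown cannot complete while a user holds it), because a patch that only adds a second check leaves the same window open.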
As for its exploitation, the specialists believe that the vulnerability has been used mainly by two groups of malicious hackers, FruityArmor and SandCat. FruityArmor has been active for about three years, exploiting zero-day vulnerabilities against some government organizations. SandCat, on the other hand, is a group recently identified by some cybersecurity firms and agencies.
Microsoft released a patch after receiving the vulnerability report and used the announcement to recommend that users install the updates as soon as possible and keep up with scheduled updates. “Updates that companies like Microsoft launch regularly are one of the most elementary protection measures against exploiting vulnerabilities”, the specialists mention.
Users must also remain alert to any new report on zero-day vulnerabilities. Windows operating system users, whether individuals or business customers, should make sure to implement the appropriate security measures for their systems, such as unique passwords and multi-factor authentication.