Microsoft patched two zero-day vulnerabilities in Windows that were being exploited by Korean hackers, according to Moscow-based cybersecurity firm Kaspersky.
A post on the company's SecureList security blog said that Kaspersky stopped an attack on a South Korean company in May. The attackers used two zero-day exploits taking advantage of previously unknown software flaws: “a remote code execution exploit for Internet Explorer 11” and “an elevation of privilege (EoP) exploit for Windows.”
Kaspersky reported the new vulnerabilities to Microsoft, which fixed the elevation of privilege bug on June 9 and the Internet Explorer flaw yesterday (August 11).
The first, catalogued as CVE-2020-0986, could have given additional powers to an attacker who was already logged into a Windows system. Using those elevated privileges, the attacker could have installed or removed software, or altered system settings. That’s bad, but not terrible, and Microsoft rated it “important.”
The second, listed as CVE-2020-1380, would allow an attacker controlling a malicious website to gain user privileges on a system that opens a page on the website in Internet Explorer.
With the second zero-day, the attacker’s privileges would match only those of the user whose browser opened the web page. If the user was running as a limited user without administrator privileges, then the attacker couldn’t do much.
However, if the user ran as an administrator, the impact would be much worse and the attacker could do almost anything on the victim’s computer. This, combined with the fact that the attack occurs over the Internet, gave it a severity rating of “critical”.
(These attacks are the reason we recommend everyone run their daily computing activities under a limited account. Staying logged in as an administrator is too risky.)
If the two flaws are combined, the impact could be devastating. The attacker could use the Internet Explorer flaw to gain a foothold on the system, albeit a limited one. The privilege elevation flaw would then give the attacker administrative powers, escaping the limits of the restricted account.
Kaspersky said the company was not yet able to definitively link these attacks to known threat actors, but added that there were indications that a Korean group called DarkHotel might be involved.
DarkHotel has been active for over a decade and got its name when Kaspersky researchers spotted it tracking hotel guests in East Asia in 2014. The group has also infiltrated defense industry targets in the U.S.
Interestingly, while the most sophisticated cyberattacks on the Korean peninsula come from North Korean state-sponsored hackers, DarkHotel is believed to be a South Korean group, possibly backed by the South Korean government itself.
Microsoft also patched another zero-day vulnerability yesterday. Catalogued as CVE-2020-1464, it is described as a spoofing issue that could cause Windows to incorrectly validate file signatures.
This vulnerability is also being exploited, but Microsoft did not say how or by whom. It has a severity rating of “significant.”
To make sure you’re protected from all these flaws, run this month’s Patch Tuesday updates on Windows Update.
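Two checks a Windows user or administrator can run after reading the above, as an added example that is not part of the original article: whether the current session already holds administrator rights (the situation the article warns makes a browser exploit much worse), and which hotfixes have been installed since the first fix date mentioned. The KB numbers for the CVEs named here are not on the page, so the `$PatchKbs` list holds clearly marked placeholders to be replaced from Microsoft's advisories.

```powershell
# Added example (not from the article or from Microsoft/Kaspersky).
# 1. Is this session running with administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($isAdmin) {
    Write-Warning "Session '$($identity.Name)' is elevated: a browser-side compromise here would inherit admin rights."
} else {
    Write-Output "Session '$($identity.Name)' is a limited user: a browser-side compromise alone stays non-admin."
}

# 2. Hotfixes installed on or after 9 June 2020, the date of the first fix the article mentions.
#    Get-HotFix reads the installed-update list; InstalledOn can be empty for some entries,
#    and such entries are simply skipped by the date comparison.
$since = Get-Date '2020-06-09'
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
    Sort-Object InstalledOn |
    Select-Object HotFixID, Description, InstalledOn

# 3. Presence check for specific updates. Placeholder KB ids: the article does not give them,
#    so replace these with the identifiers from Microsoft's advisories for the CVEs above.
$PatchKbs  = @('KB<PLACEHOLDER-JUNE-2020-CVE-2020-0986>', 'KB<PLACEHOLDER-AUGUST-2020-CVE-2020-1380>')
$installed = (Get-HotFix).HotFixID
foreach ($kb in $PatchKbs) {
    if ($installed -contains $kb) {
        Write-Output "$kb is installed."
    } else {
        Write-Output "$kb was not found: run Windows Update."
    }
}
```

Run it from an ordinary PowerShell window first; if the admin check prints the warning, that is the window a day-to-day browser session should not be started from.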
Strong Patch Tuesday
In total, yesterday Microsoft released security patches for 120 different flaws, affecting Windows, Edge, Microsoft Scripting Engine, .NET Framework, SQL Server, Dynamics, Office, and many other products.
Seventeen of these were categorized as “critical,” the most severe rating a security flaw can be given, meaning users are at immediate risk of attack.
Don’t be a privacy procrastinator
“When updates are rated, the super-security conscious patch them all instantly, but the procrastinators among us can skip the less important ones,” Jake Moore, an ESET security specialist, told Tom’s Guide. “It can be very dangerous for you to believe that you are not at risk of certain attacks, but some people and even companies keep their heads in the sand.”
He added: “However, whether the rating is critical or not, it is always worth patching as soon as possible to help protect where possible. Rating such vulnerabilities could even cause harm not only to the patching organization, but to Microsoft as well.
“There is a possibility that companies will argue with Microsoft that a remarkably ‘major’ patch may have been more critical to them on a particular threat, so standalone updates are the best way to stay protected.”