Cybersecurity Threat Advisory 0066-19: CVE-2019-1458 Windows 0-day Privilege Escalation Exploit
Kaspersky has detected a Windows 0-day vulnerability that attackers are using in conjunction with a Google Chrome exploit to take control of unpatched systems. Last month Google patched Chrome against an exploit that allows attackers to attack visitors to compromised websites. When that Chrome exploit is combined with the newly discovered Windows exploit on a device running an unpatched version of Chrome, attackers can take control of the vulnerable device, escalate account privileges and modify data. Updates have been released for both Windows and Chrome to patch the vulnerabilities described here.
Technical detail and additional information
What is the threat?
Why is this noteworthy?
Affected Windows releases include versions of Windows 7, Windows 8.1, Windows 10, Windows RT, Windows Server 2008, Windows Server 2012 and Windows Server 2016, all of which are commonly used by individuals on personal devices and by businesses in their operations. Additionally, Google Chrome is one of the most commonly used web browsers among both consumers and businesses. Attackers are able to exploit unpatched systems to take control of the devices.
What is the exposure or risk?
When attackers successfully exploit these vulnerabilities, they are able to escalate privileges and modify files and programs that may be available only to certain users. Additionally, attackers are able to execute code to gain full control of a device, after which they may add or remove programs, steal sensitive information or data, and modify system processes.
What are the recommendations?
- Run Windows Update and apply the latest available patches
- Update Google Chrome by clicking the icon in the browser or restarting the application
For more in-depth information about the recommendations, please visit the following links: