
Cybersecurity Threat Advisory 0066-19: CVE-2019-1458 Windows 0-day Privilege Escalation Exploit

Advisory Overview

Kaspersky has detected a Windows 0-day vulnerability which attackers are using in conjunction with a Google Chrome exploit to take control of unpatched systems. Last month Google patched Chrome against an exploit that allows attackers to compromise visitors of compromised websites. When chained with the newly discovered Windows exploit on devices running an unpatched version of Chrome, attackers can take control of a vulnerable device, escalate account privileges and modify data. Updates addressing both vulnerabilities have been released for Windows and Chrome.


Technical detail and additional information

What is the threat?

Kaspersky has identified a vulnerability in Windows that allows privilege escalation and escape from the Chrome process sandbox. Chained with a Chrome exploit that gives attackers control of the browser when a user visits a compromised website, it lets attackers take control of the vulnerable device itself. Malicious JavaScript served from the compromised website extracts the exploit, an embedded DLL file, and loads it by redirecting calls, exports and imports to the desired file. Once loaded, the DLL emulates key presses to escape the sandbox, gathers relevant system information (OS version, kernel memory addresses) and creates its own special memory layout. Finally, the exploit creates an object that serves as a controllable pointer value, which is used to overwrite process memory and a token to attain privilege escalation.

Why is this noteworthy?

Affected versions of Windows include Windows 7, Windows 8.1, Windows 10, Windows RT, Windows Server 2008, Windows Server 2012 and Windows Server 2016, all of which are commonly used both by individuals on personal devices and by businesses in their operations. Additionally, Google Chrome is one of the most widely used web browsers among both consumers and businesses. Attackers are able to exploit unpatched systems to take control of the devices.

What is the exposure or risk?

When attackers successfully exploit the detailed vulnerabilities, they are able to escalate privileges and modify files and programs that are normally available only to certain users. Additionally, attackers are able to execute code to gain full control of a device, with which they may add or remove programs, steal sensitive information or data and modify system processes.

What are the recommendations?

  • Run Windows Update and apply the latest patches available
  • Update Google Chrome by clicking the update icon in the browser or restarting the application
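The following PowerShell script is an added example for verifying the two recommendations above on a Windows host; it is not part of the advisory and not vendor code. It checks whether a given Windows update is installed and whether the installed Chrome build is at or above a minimum version. The KB identifier and minimum Chrome version are placeholders that must be replaced with the values from the Microsoft and Google bulletins; the Chrome registry path (`BLBeacon\version`) and executable locations are assumptions about standard Chrome installs.

```powershell
# Added example (not from the advisory): check that a host carries the Windows
# patch and a Chrome build that address the advisory's two fixes.
# PLACEHOLDERS: replace with the identifiers from the vendor bulletins.
$RequiredKB       = 'KB0000000'        # placeholder: KB for the CVE-2019-1458 fix
$MinChromeVersion = [version]'0.0.0.0' # placeholder: first fixed Chrome build

function Test-WindowsPatch {
    param([string]$KB)
    # Get-HotFix lists installed updates; HotFixID is the KB identifier.
    $found = Get-HotFix -ErrorAction SilentlyContinue |
             Where-Object { $_.HotFixID -eq $KB }
    return [bool]$found
}

function Get-ChromeVersion {
    # Assumed locations: Chrome's installer records the version under BLBeacon
    # (HKLM for per-machine, HKCU for per-user installs); fall back to the
    # file version of chrome.exe if the registry value is absent.
    $regPaths = @(
        'HKLM:\SOFTWARE\Google\Chrome\BLBeacon',
        'HKCU:\SOFTWARE\Google\Chrome\BLBeacon'
    )
    foreach ($p in $regPaths) {
        $v = (Get-ItemProperty -Path $p -Name version -ErrorAction SilentlyContinue).version
        if ($v) { return [version]$v }
    }
    $exe = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    ) | Where-Object { Test-Path $_ } | Select-Object -First 1
    if ($exe) { return [version](Get-Item $exe).VersionInfo.ProductVersion }
    return $null
}

function Test-ChromePatched {
    param([version]$Minimum)
    $v = Get-ChromeVersion
    if (-not $v) { return $null }   # Chrome not installed on this host
    return ($v -ge $Minimum)
}

# Summarise the host's state and warn on anything that still needs action.
$winOk    = Test-WindowsPatch -KB $RequiredKB
$chromeOk = Test-ChromePatched -Minimum $MinChromeVersion
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    WindowsPatched = $winOk
    ChromeVersion  = Get-ChromeVersion
    ChromePatched  = $chromeOk   # $null means Chrome is not installed
}
if (-not $winOk) {
    Write-Warning "Windows update $RequiredKB not found; run Windows Update."
}
if ($chromeOk -eq $false) {
    Write-Warning "Chrome is older than $MinChromeVersion; update and restart the browser."
}
```

One caveat when relying on Get-HotFix: a KB that has been superseded by a later cumulative update may not be listed even though the fix is present, so on hosts that receive cumulative updates it is safer to compare the OS build number reported by the bulletin than to look for the KB alone. Chrome also only finishes an update after the browser is restarted, which is why the version check above reads the installed build rather than the running process.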

References:

For more in-depth information about the recommendations, please visit the following links: