New Windows Zero-Day Flaw Patched by Patch Tuesday

How many millions of lines of code does Windows have by now? An astonishing 50 million and counting. It’s a wonder if Windows will ever be completely patched up and secured as more and more vulnerabilities come up. More code is added to patch those vulnerabilities and that added code could inadvertently introduce more.

The recent Windows patch Tuesday patched 74 more flaws, one of which is a zero-day vulnerability that has the potential to allow attackers to take control of unpatched systems. That flaw is also present in older 64-bit Windows versions so Windows 7 and XP holdouts beware

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights… To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.”

–Microsoft

The zero-day flaw is one of five local privilege escalation flaws made known to Microsoft by Kaspersky Labs; dubbed CVE-2019-0859 is present within Win32K.sys which can be exploited because of its improper handling of objects in memory.

The other four have been patched in previous updates. Malicious parties can take advantage of the flaw by creating a backdoor through Windows Powershell.

The script language’s flexibility makes it possible for expert users to get into the nitty gritty places within the operating system, places even Microsoft isn’t aware of. Which makes the activity technically legit and can bypass consumer security products. Windows cannot protect against itself and more and more hackers turn to Powershell to inject and run their payload in unsuspecting Windows systems.