In early March, our proactive security technologies detected an attempt to exploit a vulnerability in Microsoft Windows. The analysis revealed a zero-day vulnerability in win32k.sys, an old friend in which we had already found four similar vulnerabilities before. We reported the issue to the developer, and the vulnerability was fixed in the patch released on April 10.
What are we dealing with?
CVE-2019-0859 is a use-after-free vulnerability in a system function related to dialogs, or rather their additional styles. The exploit found in use targeted 64-bit versions of the OS, from Windows 7 through the latest builds of Windows 10. When the vulnerability is exploited, the malware downloads and runs a script written by the attackers, which can ultimately give them complete control over the infected PC.
Or, at least, that's how the APT group, which is still unidentified, tried to use it. Taking advantage of the vulnerability, they obtained the privileges needed to install a backdoor created with Windows PowerShell. In theory, this should have allowed the cybercriminals to stay hidden. The payload was then loaded through this backdoor, giving the cybercriminals full access to the infected computer. See Securelist for details on how the exploit works.
How can you protect yourself?
All of the following methods of protection have been mentioned many times before, and there is nothing new to add to them.
First, close the vulnerability by installing Microsoft's update.
Regularly update all the software used in your company, especially operating systems, to the latest versions.
Use security solutions with behavioral analysis technologies that can detect even unknown threats.
The exploit for CVE-2019-0859 was initially detected by the behavioral detection engine and automatic exploit prevention technologies that are part of our Kaspersky Endpoint Security for Business solution.
If your administrators or information security team want a better understanding of the methods used to detect Microsoft zero-day threats, we recommend our webinar on three Windows zero-days in three months.