Hackers Exploited Zero-Day Bugs in Windows for RCE Attacks

Kaspersky has published a report on two zero-day vulnerabilities in Windows 10, both of which were patched in the latest Microsoft update. One of the vulnerabilities had already been exploited by a hacker group. The two bugs were found in Internet Explorer and the Print Spooler service, and could let an attacker execute remote code and elevate to admin privileges.

Hackers Exploited Windows Zero-day Bug!

Microsoft has been having a rough time since the beginning of this year. Most of the security updates it pushed each month came with more bugs than fixes. But the recent August update fixed two critical bugs in Windows machines, in Internet Explorer 11 and the Print Spooler.

In more detail, the Internet Explorer 11 bug (CVE-2020-1380) was found in its JavaScript engine and allows remote code execution. It could be used to trigger the second bug, tracked as CVE-2020-0986, in the Windows GDI Print/Print Spooler API. The second bug is used for privilege escalation after the attacker has breached the target system.

Even before being detected, these vulnerabilities were exploited by a hacker against a South Korean company in May this year. After gaining access, the hacker created a file named “ok.exe” that leverages the second bug in the Print Spooler API to run malicious code with elevated privileges.

This exploitation was named “Operation PowerFall” and had been reported by an anonymous source from Trend Micro’s Zero Day Initiative in December last year. Again, hackers were quick to respond to the report published by Kaspersky and exploited it in June. And since Kaspersky blocked these exploits in its software, it did not get any samples to analyse.

But from the exploit pattern, it was linked to a hacker group called DarkHotel, which has been in operation for two decades according to researchers. Users who want to avoid this should update to the latest Windows version, rolled out on August 11th, which is available in Update settings or on the Microsoft website.
