Microsoft fixed two vulnerabilities that were under attack by Russian hackers

This month, Microsoft engineers fixed as many as 77 vulnerabilities in the company's products, 14 of which were rated critical and another 62 important. Two of these problems (CVE-2019-0880 and CVE-2019-1132) were already being exploited by attackers. Both bugs allow privilege escalation on the affected system.

The more significant of the two fixed 0-day vulnerabilities is CVE-2019-1132, which allows privilege escalation through the Win32k component.

ESET experts discovered the problem when attackers used it in targeted attacks against various organizations in Eastern Europe.

Researchers believe that the well-known Russian-speaking hacking group Buhtrap, first seen back in 2014, was behind these attacks. Interestingly, until recently Buhtrap did not use exploits for zero-day vulnerabilities in Windows; it only reused exploits developed by other attackers once the vulnerabilities themselves had already been patched.


Information security experts are now actively speculating about how exactly the details of this 0-day vulnerability ended up in Buhtrap's hands.

The second zero-day vulnerability fixed this month is CVE-2019-0880.

This problem also allows privilege escalation on the system, but through the splwow64.exe component. Researchers discovered the vulnerability, but there are currently no details about who exploited it or how. It is only known that the vulnerability affects Windows 10, 8.1, Server 2012, Server 2016, Server 2019, Server 1803 and 1903.

In addition to the zero-day problems mentioned above, Microsoft fixed six other vulnerabilities whose details had become publicly known before the patches were released. In theory, these bugs could be used by attackers, but so far no such attacks have been recorded:

  1. CVE-2018-15664 (escalation of privileges in Docker);
  2. CVE-2019-0865 (SymCrypt DoS);
  3. CVE-2019-0887 (RDP RCE);
  4. CVE-2019-0962 (escalation of privileges in Azure Automation);
  5. CVE-2019-1068 (Microsoft SQL Server RCE);
  6. CVE-2019-1129 (privilege escalation in Windows).

William Reddy

