According to the latestKaspersky Lab Report,a Windows Zero-Day vulnerability is serving as a backdoor for hackers to take control of users’ PCs.
The latest exploit utilizes ause-after-free attackand has a technical name CVE-2019-0895. The exploit is found in win32k.sys and grants hackersLocal Privilegemeaning they’re able to access resources usually outside of users’ capabilities.
How Windows Zero-Day Vulnerability Works?
A normal program functions in the following way:
When the task is finished, the connection between pointer and memory separates and the program inside memory is deleted.
The anomaly occurs when the pointer becomes a dangling pointer, which keeps pointing to one particular memory even when the task is finished. Hackers exploit these dangling pointers to plant custom programs by replacing the existing program in the said memory with malicious code.
This process constitutes a use-after-free attack and the concerned exploit works as follows:
Who Are Affected?
The use-after-free attack is a type of buffer overflow attack and operating systems have security in place to deal with such discrepancies. Windows utilizes the process of Address Space Layout Randomization (ASLR) for the same.
However, the exploit was targeting 64 bits of Windows 7, 8 and older versions of 10 using HMValidateHandle technique and bypassing ASLR.
The Windows Zero-day vulnerability, in a nutshell, allows the hackers to run code in the kernel, thus giving them elevated access
Since the time of being reported by Kaspersky Labs, Microsoft has taken action against this vulnerability and pushed an update.
