
“Infernal” Actively Exploited Windows Kernel EoP Bug Allows Takeover


Microsoft has fixed 56 vulnerabilities in the February Patch Tuesday release, including 11 critical vulnerabilities, 6 of which were publicly known. The patches cover components in Microsoft Windows, the .NET Framework, Azure IoT, Azure Kubernetes Service, Edge for Android, Exchange Server, Microsoft Office services and web applications, Skype for Business and Lync, and Microsoft Defender.

CVE-2021-1732, one of the flaws being actively exploited, carries a severity rating of 7.8. The issue exists in the Win32k component of the Windows kernel and falls under the category of elevation-of-privilege vulnerabilities.

The vulnerability affects Windows 10 and corresponding versions of the Windows Server OS (2016 and above). It is recommended that users running vulnerable versions place a high priority on patching to the latest secure versions.

The impact

This vulnerability allows logged-on local users to execute code of their choosing with elevated privileges by running a specially crafted application. A successful attack executes code in the context of the kernel and gains SYSTEM privileges, the highest level of privilege on a Windows system.

The remediation

In addition to this vulnerability, patches for the remaining 55 vulnerabilities are also available. It is recommended that organisations perform a risk assessment to determine where their security is weakest and patch accordingly.

Source: Threat Post

One thought on ““Infernal” Actively Exploited Windows Kernel EoP Bug Allows Takeover”

  1. Gabriel McLeish says:

    Hello Steve,

    To answer your first question, one method of verifying if the updates are installed on home devices is through implementing Device Management software. Whilst this depends on whether or not you have consent to access device data, it is a good solution for finding out which updates have been applied.

    To answer your second question, there are two perspectives on this matter. From a risk management perspective, patching is a control which takes time and (normally) has low risks. Forcing updates can slow down work or cause massive disruptions to a person’s day if they take hours; whilst uncommon, they shouldn’t be ignored.

    From a security perspective, it is ideal to limit all risks. A balance must be struck in order to create an effective mitigation strategy.

    To summarise, patching is necessary but it should be a methodical and targeted process, it doesn’t have to be so painful.

    I hope this answers any questions you have.


Risk Crew