“Infernal” Actively Exploited Windows Kernel EoP Bug Allows Takeover

Microsoft has patched 56 vulnerabilities in the February Patch Tuesday release, including 11 critical vulnerabilities, 6 of which were publicly known. The patches cover components in Microsoft Windows, the .NET Framework, Azure IoT, Azure Kubernetes Service, Edge for Android, Exchange Server, Microsoft Office services and web applications, Skype for Business and Lync, and Microsoft Defender.

CVE-2021-1732 is one of the flaws being actively exploited that carries a vulnerability rating of 7.8. The issue exists in the Windows Win32k operating system kernel and falls under the category of elevation-of-privilege vulnerabilities.

The vulnerability affects Windows 10 and corresponding versions of the Windows Server OS (2016 and above). It is recommended that users running vulnerable versions place a high priority on patching to the latest secure versions.

The impact

This vulnerability allows a logged-on local user to execute code of their choosing with higher privileges by running a specially crafted application. A successful attack executes code in the context of the kernel and gains SYSTEM privileges, the highest level of privilege on a Windows system.

The remediation

In addition to this vulnerability, patches for the remaining 55 vulnerabilities are also available. It is recommended that organisations perform a risk assessment to determine where their security is weakest and patch accordingly.

Source: Threat Post

Risk Crew