
“Infernal” Actively Exploited Windows Kernel EoP Bug Allows Takeover


Microsoft fixed 56 vulnerabilities in its February Patch Tuesday release, including 11 rated critical, 6 of which were publicly known before the patches shipped. The patches cover components in Microsoft Windows, the .NET Framework, Azure IoT, Azure Kubernetes Service, Edge for Android, Exchange Server, Microsoft Office services and web applications, Skype for Business and Lync, and Microsoft Defender.

CVE-2021-1732 is one of the flaws being actively exploited in the wild and carries a CVSS score of 7.8. The issue exists in Win32k, a kernel-mode component of Windows, and is classed as an elevation-of-privilege vulnerability.

The vulnerability affects Windows 10 and the corresponding Windows Server releases (2016 and above). Users running affected versions should treat updating to the patched builds as a high priority.

The impact

This vulnerability allows a local user who is already logged on to execute code of their choosing with higher privileges by running a specially crafted application. A successful attack executes code in the context of the kernel and gains SYSTEM privileges, the highest level of privilege on a Windows system.

The remediation

In addition to the fix for this vulnerability, patches for the remaining 55 vulnerabilities are also available. Organisations should perform a risk assessment to determine where their exposure is greatest and prioritise patching accordingly.

Source: Threat Post

3 thoughts on "“Infernal” Actively Exploited Windows Kernel EoP Bug Allows Takeover"

  1. Steve Richards says:

    As an MSSP, these updates were pushed out to my clients, but I can’t help but wonder how many people working from home don’t have them installed yet.

    When I speak to clients, they have varying opinions about updates: “are they really that important?”, “I only need to install them if I am told to do so”, “they interfere with my work so I don’t bother” are just a few of the things I hear from ad-hoc clients.

    Because I take security seriously, I help them understand how critical they are. Using their home as an analogy always works. But people are often our weakest link in cyber security. As a last resort I have a security product that I recommend to these clients; it will install critical updates automatically and often without the need for a reboot.

    What are your thoughts about forcing updates guys?

    • Gabriel McLeish says:

      Hello Steve,

      To answer your first question, one method of verifying whether the updates are installed on home devices is through implementing device management software. Whilst this depends on whether or not you have consent to access device data, it is a good solution for finding out which updates have been applied.

      To answer your second question, there are two perspectives on this matter. From a risk management perspective, patching is a control which takes time and (normally) has low risks. Forcing updates can slow down work or cause massive disruptions to a person’s day if they take hours; whilst uncommon, such cases shouldn’t be ignored.

      From a security perspective, it is ideal to limit all risks. A balance must be struck in order to create an effective mitigation strategy.

      To summarise, patching is necessary, but it should be a methodical and targeted process; it doesn’t have to be so painful.

      I hope this answers any questions you have.
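The remediation section above and the question in the comments about confirming that remote machines actually have the February update both come down to the same check: is the host on an affected Windows 10 / Server 2016+ build, and does it carry the fix. The following PowerShell is an added example for that check and is not code from the article, from Threatpost, or from either commenter. The KB identifier and minimum build revision are placeholders, because the page does not give them; the real values for each Windows build are listed in Microsoft's Security Update Guide entry for CVE-2021-1732. The build number threshold 14393 (Windows 10 1607 / Server 2016) and the registry keys read are standard Windows values.

```powershell
# Added example (not from the page, Threatpost or the commenters).
# Reports the Windows build and revision, whether a given cumulative update is
# listed as installed, and whether a reboot is still pending.
# $RequiredKB and $MinimumUbr are PLACEHOLDERS: take the real KB id and the
# minimum "Update Build Revision" for each build from Microsoft's advisory.
function Test-PatchState {
    param(
        [string]$RequiredKB = 'KB0000000',          # placeholder KB id
        [int]$MinimumUbr    = [int]::MaxValue       # placeholder; MaxValue means "never satisfied"
    )
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR                            # revision bumped by each cumulative update

    # Windows 10 1607 / Server 2016 is build 14393; older builds are outside the advisory's scope.
    $inScope = $build -ge 14393

    # Get-HotFix lists updates installed through component-based servicing.
    $kbPresent = $null -ne (Get-HotFix | Where-Object HotFixID -eq $RequiredKB)

    # A later cumulative update supersedes February's, so a high enough revision also counts.
    $revisionOk = $ubr -ge $MinimumUbr

    # Either of these keys indicates an update that has not taken effect yet.
    $rebootPending = (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') -or
                     (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Product       = $cv.ProductName
        Build         = "$build.$ubr"
        InScope       = $inScope
        KBPresent     = $kbPresent
        Patched       = (-not $inScope) -or $kbPresent -or $revisionOk
        PendingReboot = $rebootPending
    }
}

# Local check (replace the placeholders with the values for this build):
Test-PatchState -RequiredKB 'KB0000000' -MinimumUbr ([int]::MaxValue)

# Fleet check over WinRM; requires remoting enabled and rights on the targets.
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) `
#     -ScriptBlock ${function:Test-PatchState} -ArgumentList 'KB0000000', ([int]::MaxValue) |
#     Where-Object { $_.InScope -and -not $_.Patched } | Format-Table
```

Checking the revision as well as the KB matters: once a newer cumulative update has been applied, a scan that only looks for the February KB reports a correctly patched machine as missing the fix. A host that shows the KB but also `PendingReboot = True` has the fix on disk but is still running the old kernel, which is the case the first commenter's "updates without a reboot" remark glosses over.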


Risk Crew