{"id":14835,"date":"2019-03-14T06:30:19","date_gmt":"2019-03-14T14:30:19","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/03\/14\/news-8584\/"},"modified":"2019-03-14T06:30:19","modified_gmt":"2019-03-14T14:30:19","slug":"news-8584","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/03\/14\/news-8584\/","title":{"rendered":"CVE-2019-0797: Zero-day exploits keep coming"},"content":{"rendered":"<p><strong>Credit to Author: Pavel Shoshin| Date: Thu, 14 Mar 2019 13:35:39 +0000<\/strong><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/03\/14092056\/CVE-2019-0797-vulnerability-detected-featured.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-25977\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/03\/14092056\/CVE-2019-0797-vulnerability-detected-featured.jpg\" alt=\"\" width=\"1460\" height=\"960\" \/><\/a>At the risk of seeming monotonous, we are compelled by circumstances to report that three months after the last <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/cve-2018-8589-vulnerability-detected\/24597\/\">zero-day vulnerability was found<\/a>, our proactive technologies have uncovered another Windows exploit. This time, the vulnerability affects many more versions of the operating system: 64-bit Windows 8 and 10 (up to build 15063) find themselves plumb in the danger zone. We duly notified Microsoft, and a patch was included in a system update released on March 12.<\/p>\n<p>Curiously, though, despite the continual release of updates for current versions, many users are in no hurry to install them for fear of disrupting their computers&#8217; operations. This &#8220;wait and see what happens to others&#8221; approach is not recommended.<\/p>\n<h2>What is CVE-2019-0797?<\/h2>\n<p>This is no less than the fourth privilege escalation exploit recently detected by our systems.  
As in the case of <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/cve-2018-8589-vulnerability-detected\/24597\/\">CVE-2018-8589<\/a>, it is a <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/race-condition\/\">race condition<\/a> error in the win32k.sys driver (technical details are <a target=\"_blank\" href=\"https:\/\/securelist.com\/cve-2019-0797-zero-day-vulnerability\/89885\/\">available on Securelist<\/a>). We know about several targeted attacks that made use of this exploit. It potentially allows intruders to gain complete control over the vulnerable system.<\/p>\n<h2>How to avoid problems<\/h2>\n<p>Our advice remains the same:<\/p>\n<ul>\n<li>Install the corresponding system update (available on the <a target=\"_blank\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0797\">Microsoft website<\/a>);<\/li>\n<li>Always update software (in particular, operating systems) to the latest versions, and replace it when the support period expires, if possible;<\/li>\n<li>Use security solutions with behavioral analysis technologies.<\/li>\n<\/ul>\n<p>The technologies used to detect the exploit (Advanced Sandboxing, Anti Targeted Attack, Behavioral Detection Engine, Automatic Exploit Prevention) are deployed in the Kaspersky Security for Business solution.<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com\/blog\/cve-2019-0797-vulnerability-detected\/25976\/\" target=\"bwo\" >https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Pavel Shoshin| Date: Thu, 14 Mar 2019 13:35:39 +0000<\/strong><\/p>\n<p>Our proactive technologies detected yet another Windows exploit that was used in APT 
attacks.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[1001,11810,11179,11638,12321,10752,10525],"class_list":["post-14835","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-business","tag-cve","tag-endpoint","tag-exploit","tag-smb","tag-vulnerabilities","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14835"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14835\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14835"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}