Microsoft sent a patch on Tuesday, which was trying to identify two vulnerabilities that are actively exploiting Windows. The first to target Windows 7 users was released last week by Google security engineer Clement Lecigne. He warned that vulnerability could be used along with his exploitation Chrome to take over Windows systems and updated users to upgrade to Windows 10.
The second defect was detected by Kaspersky Lab saying they have detected a new exploitation vulnerability in Windows, which it believes has been used in targeted attacks by at least two threat carriers.
The exploitation targets Window 8 and Window 10 by using a vulnerability in the Microsoft Windows Graphics subsystem to achieve the escalation of local privileges. This provides the attacker with complete control of the victim's computer.
The vulnerability he exploited was detected by Kaspersky Lab's "Automatic Exploit Prevention".
Kaspersky Lab products detect the exploit as:
Kaspersky researchers who discovered the bug, Vasiliy Berdnikov and Boris Larin, say in a blog: "In February of 2019, AEPs detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this fact led to the discovery of a vulnerability in win32k.sys. »
They add: "CVE-2019-0797 is a rare state in the win32k driver due to the lack of proper synchronization between the unrecorded NtDCompositionDiscardFrame and NtDCompositionDestroyConnection."
This is the fourth parallel exploiting vulnerability of Local Privilege Escalation in Windows that Kaspersky recently discovered.
Researchers believe that localized exploitation could be used by various threatening agents, such as FruityArmor and SandCat.