
Confirmed: Microsoft Windows Zero-Day Exploit Used In Government Espionage Operation

Filed under
Microsoft
Security

It has been revealed that a threat actor once best known for cyber bank robbery in Russia has moved into espionage. The highly targeted attacks against government institutions in Eastern Europe, which took place during June 2019, used a Microsoft Windows zero-day exploit. In and of itself this isn't unusual, as plenty of Windows zero-days have been discovered. However, this is the first time that researchers have seen the Buhtrap group use a zero-day attack, although the group has been involved in cyber-spying across Eastern Europe and Central Asia for some years now.

Anton Cherepanov, a senior malware researcher at security vendor ESET, explained how the zero-day exploit abused a local privilege escalation vulnerability in Microsoft Windows: an attacker who already has a foothold on the machine uses it to gain elevated privileges and can then run arbitrary code, install applications, and view or change data on the compromised system. As soon as the researchers had properly analyzed the exploit, it was reported to the Microsoft Security Response Center, and a fix was included in the July 9 "Patch Tuesday" update.

The vulnerability itself only impacted older versions of Windows, specifically Windows 7 and Windows Server 2008 on systems where a user-mode process can still map the NULL page; the exploit depends on that ability. As Cherepanov explained, "since Windows 8 a user process is not allowed to map the NULL page. Microsoft back-ported this mitigation to Windows 7 for x64-based systems." The advice, predictably, is to upgrade to a newer version of the operating system if possible. That advice carries extra weight because extended support for Windows 7 Service Pack 1 ends in January 2020, after which critical security updates stop. Gavin Millard, vice-president of intelligence at Tenable, warns users not to be complacent seeing as the vulnerability is "now being actively exploited in the wild," advising that "patches should be deployed as soon as possible."
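As an added check, not code from the article, ESET or Microsoft, the following PowerShell probes whether the current process is allowed to map the NULL page, which is the mitigation Cherepanov refers to. It calls the real ntdll exports NtAllocateVirtualMemory and NtFreeVirtualMemory through Add-Type; the function name Test-NullPageMappable and the NullPageProbe namespace are this example's own. It maps one page inside its own address space and releases it again, so it exploits nothing; it only tells you whether a kernel NULL-pointer dereference on this host could be pointed at attacker-controlled memory.

```powershell
# Added example (not from the article, ESET or Microsoft): report whether this
# host lets a user-mode process map the NULL page. Requires PowerShell 5.1+ on
# Windows; no elevation needed. The NtMem/NullPageProbe names are assumptions
# of this example; the DllImport signatures are the documented ntdll exports.
$ntSig = @'
[DllImport("ntdll.dll")]
public static extern int NtAllocateVirtualMemory(
    IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits,
    ref IntPtr RegionSize, uint AllocationType, uint Protect);

[DllImport("ntdll.dll")]
public static extern int NtFreeVirtualMemory(
    IntPtr ProcessHandle, ref IntPtr BaseAddress, ref IntPtr RegionSize, uint FreeType);
'@
$ntdll = Add-Type -MemberDefinition $ntSig -Name 'NtMem' -Namespace 'NullPageProbe' -PassThru

function Test-NullPageMappable {
    $MEM_COMMIT     = 0x1000
    $MEM_RESERVE    = 0x2000
    $MEM_RELEASE    = 0x8000
    $PAGE_READWRITE = 0x04

    $hProcess = [IntPtr]::new(-1)     # NtCurrentProcess() pseudo-handle
    $base     = [IntPtr]::new(1)      # rounds down to page 0, i.e. the NULL page
    $size     = [IntPtr]::new(0x1000)

    # On a mitigated system (Windows 8+, Windows 7 x64 with the back-port) the
    # kernel refuses a base address in the NULL page and returns a failure NTSTATUS.
    $status = $ntdll::NtAllocateVirtualMemory($hProcess, [ref]$base, [IntPtr]::Zero,
                                              [ref]$size, ($MEM_COMMIT -bor $MEM_RESERVE),
                                              $PAGE_READWRITE)
    if ($status -eq 0 -and $base -eq [IntPtr]::Zero) {
        # Mapping succeeded: a NULL-pointer dereference in kernel code would now read
        # memory this user-mode process controls. Release the page and report.
        $freeSize = [IntPtr]::Zero    # MEM_RELEASE requires a zero region size
        $null = $ntdll::NtFreeVirtualMemory($hProcess, [ref]$base, [ref]$freeSize, $MEM_RELEASE)
        return $true
    }
    Write-Verbose ("NtAllocateVirtualMemory returned NTSTATUS 0x{0:X8}" -f $status)
    return $false
}

$os = Get-CimInstance Win32_OperatingSystem
"{0} (build {1}, {2})" -f $os.Caption, $os.BuildNumber, $os.OSArchitecture
if (Test-NullPageMappable) {
    "NULL page CAN be mapped: the mitigation is absent; only the July 2019 update protects this host from this bug class."
} else {
    "NULL page cannot be mapped: the mitigation is in effect."
}
```

Run it with `-Verbose` to see the NTSTATUS the kernel returns when the allocation is refused. A "CAN be mapped" result on a 32-bit Windows 7 or Windows Server 2008 host is exactly the precondition the exploit described above relies on, and the only remedy is the patch or an upgrade; the script itself does not confirm whether the patch is installed.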


More in Tux Machines

Annual Report 2018: LibreOffice development

Throughout the second half of 2018, the developer community worked on a new major release: LibreOffice 6.2. Details about the end-user-facing new features are provided on this page, and in the following video – so in the rest of this blog post, we'll focus on developer-related changes.

Programming Leftovers

Linux Kernel: Chrome OS, Direct Rendering Manager (DRM) and Char/Misc

  • Various Chrome OS Hardware Support Improvements Make It Into Linux 5.3 Mainline

    Various Chrome OS hardware platform support improvements have made it into the Linux 5.3 kernel. This helps those who want to run other Linux distributions on Chromebooks and similar devices, and it reduces Google's maintenance burden, since the company has traditionally carried so much of this material out-of-tree.

  • The Massive DRM Pull Request With AMDGPU Navi Support Sent In For Linux 5.3

    At 479,818 lines of new code and just 36,145 lines of code removed while touching nearly two thousand files, the Direct Rendering Manager (DRM) driver updates for Linux 5.3 are huge. But a big portion of that line count is the addition of AMD Radeon RX 5000 "Navi" support, and a good portion of that in turn is auto-generated header files. Navi support is ready for the mainline Linux kernel!

  • Char/Misc Has A Bit Of Changes All Over For Linux 5.3

    The char/misc changes with each succeeding kernel release seem to contain fewer changes to the character device subsystem itself and more of a random collection of changes not fitting in other subsystems / pull requests. Linux 5.3 brings another smattering of such changes.

today's howtos