Microsoft vulnerabilities exploited in the wild (CVE-2019-1214, CVE-2019-1215)


SYSTEMS AFFECTED

  • Windows 7
  • Windows 8
  • Windows 10
  • Windows 2008
  • Windows 2012
  • Windows 2016
  • Windows 2019

THREAT LEVEL

  • High

OVERVIEW

Microsoft published 80 security fixes in its latest batch of updates, released on the September 2019 Patch Tuesday. Among them are patches for two zero-day vulnerabilities that were seen exploited in the wild before Microsoft released the fixes.

DESCRIPTION

CVE-2019-1214 – Windows Common Log File System
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

The security update addresses the vulnerability by correcting how CLFS handles objects in memory. [1]

CVE-2019-1215 – Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles objects in memory. [2]

Zero Days being used in the wild
Both vulnerabilities were seen exploited in the wild before the patches were released. They can be used to escalate the privileges of a piece of software and of the user running it, allowing, for example, malware or ransomware to run with higher privileges than those defined for the user running the application.

SOLUTION

  • Apply the latest patches from Microsoft.

REFERENCE

  1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214
  2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215

DISCLAIMER

The information provided herein is on an “as is” basis, without warranty of any kind.
