Zero-day exploits in Windows OS and Internet Explorer used in cyber-attacks: Report

Hemai Sheth Updated - August 14, 2020 at 01:27 PM.

Hackers have leveraged zero-day vulnerabilities in Windows OS and Internet Explorer to carry out targeted cyber attacks, according to a recent report by cybersecurity firm Kaspersky.

Earlier this year, the security firm claimed to have detected and stopped a targeted attack on a South Korean company.

“Closer analysis revealed that this attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privileges (EoP) exploit for Windows. The latter was targeting the latest versions of Windows 10,” Kaspersky said in its report.

A zero-day vulnerability is a previously unknown software bug, one for which no patch is yet available, that hackers can use to target specific users.

“Once discovered, they make it possible to conduct malicious activities discreetly, causing serious and unexpected damage,” said the firm.

Researchers at Kaspersky discovered two such vulnerabilities while investigating the attack. One of them, found in Internet Explorer, is a use-after-free bug. It can help hackers gain remote access to a system and execute code on it. This vulnerability was assigned CVE-2020-1380.

Hackers, however, need more privileges to attack a system through Internet Explorer, as the browser works in an isolated environment. To get them, they exploited a second vulnerability, found in Windows, which allows them to execute arbitrary code on the victim’s machine. This elevation of privileges (EoP) vulnerability was assigned CVE-2020-0986, as per the report.

“What is particularly interesting in the discovered attack is that the previous exploits we found were mainly about elevation of privileges. However, this case includes an exploit with remote code execution capabilities which is more dangerous. Coupled with the ability to affect the latest Windows 10 builds, the discovered attack is truly a rare thing nowadays. It reminds us once again to invest into prominent threat intelligence and proven protective technologies to be able to proactively detect the latest zero-day threats,” said Boris Larin, security expert at Kaspersky.

Published on August 14, 2020 07:57