A vulnerability already fixed in Windows 10 allowed any user, even with restricted access to a machine, to escalate privileges to the point of becoming an operating system administrator. The problem, solved this January during the traditional Tuesday updates of the platform, the so-called Patch Tuesdays, would be being used by cybercriminal groups in exploits against corporate users, which makes the update critical for such organizations.
Details of the breach, which affects all versions of Windows 10 prior to this month’s security updates, were published by Google Project Zero, an initiative aimed at finding critical flaws in popular systems. More specifically, the problem was located in a driver called Win32k.sys, through which an attacker would be able to go beyond the limits of memory to change the status of the profile itself, making it administrator and capable of performing different tasks in the operating system.
From this elevation of privilege, it would be possible to create new administrative accounts, move laterally around the network in search of new compromised devices, and execute commands remotely. In a test conducted by the website Bleeping Computer, the exploit allowed opening Notepad with full privileges, a simple and seemingly harmless task, but one that shows the possibility of serious malicious use.
Want to stay on top of the best tech news of the day? Access and subscribe to our new youtube channel, Kenyannews News. Every day a summary of the main news from the tech world for you!
Windows 10 Alert Matters After January Updates
The alert is especially important after the news that the January 2022 updates brought problems, especially for corporate users. Involuntary reboots, VPN problems, disk inaccessibility and server virtualization system failures are among the bugs that have caused many network administrators to delay applying the update; now, everyone is vulnerable to an exploit that is detailed and, worst of all, being used by cyber criminal groups.
The recommendation was even reinforced by Microsoft itself. The company pointed out that many of the flaws reported by users in early January after the update have already been fixed; in the face of greater danger, the idea is that administrators take mitigation measures, if they find the flaws, instead of waiting until February, for another Patch Tuesday, to perform all the updates at once.
According to notes published by Google Project Zero, partial exploitation of the flaw is also possible on Windows 11 and Server 2022, with this early month’s fixes addressing them. In addition to version 10 of the operating system, the Server 2019 edition also allows the escalation of privileges cited by experts.
