Microsoft Patched Two Zero-day Bugs in Windows
The more tools an app or service is given, the more chances it has of showing up with vulnerabilities. In one such case, Microsoft’s Internet Explorer was vested with a productivity feature that turned into a bug and was exploited by an attacker. As reported by the Kaspersky team, Microsoft has fixed two bugs in Windows through the August Tuesday Update.

The two vulnerabilities, one in Internet Explorer 11 (CVE-2020-1380) and one in the Windows GDI Print/Print Spooler API (CVE-2020-0986), were used by an attacker to target a South Korean company in May this year. Named “Operation PowerFall”, the RCE bug in Internet Explorer 11 is present in Windows 10 and is used by various apps like MS Office for displaying the content in documents. It was used by the attacker to create a module file named “ok.exe”, which helps to run malicious code with elevated privileges.

Microsoft was first informed of this bug back in December 2019 via Trend Micro’s Zero-day Initiative (ZDI), but didn’t care to release a patch until June. This could be because ZDI posted the advisory on this exploitation in May, which was soon picked up by adversaries.

Kaspersky software blocked these bugs on its users’ machines, which meant the team missed its chance of obtaining a sample and analyzing it. Yet, the attack was attributed to DarkHotel, a hacker group that follows the same routine of exploitation and has been doing so for two decades. Though researchers marked these bugs with a 7.5 severity score, Microsoft has taken it to 10/10 and released a patch for them in its latest monthly update.