According to Moscow-based cybersecurity firm Kaspersky, Microsoft has patched two zero-day vulnerabilities in Windows that were being exploited by South Korean hackers. [According to a post on the company's SecureList security blog, Kaspersky thwarted an attack against a South Korean company in May. The attackers used two zero-day exploits that took advantage of previously unknown software flaws: an "Internet Explorer 11 remote code execution exploit" and a "Windows privilege escalation (EoP) exploit."

Kaspersky reported this new vulnerability to Microsoft, which patched the privilege escalation bug on June 9 and the Internet Explorer flaw yesterday (August 11).

The first vulnerability, assigned catalog number CVE-2020-0986, could grant special privileges to an attacker already logged into a Windows system. By using these elevated privileges, the attacker could install, remove, or alert on existing software or system settings. This is bad, but not terrible, and Microsoft called it "significant." [The second, cataloged as CVE-2020-1380, allows an attacker controlling a malicious website to gain user privileges on a system that opened a website page in Internet Explorer.

In the second zero-day, the attacker's privileges match those of the user whose browser opened the web page. If that user is running as a limited user with no administrative privileges, the attacker cannot do much. [However, if the user is running as an administrator, the impact is much worse, allowing the attacker to do almost anything on the victim's computer. This, coupled with the fact that the attack takes place over the Internet, has resulted in a severity rank of "critical."

(It is because of these attacks that we advise everyone to conduct their daily computing business with restricted accounts. It is too risky to keep logging in as an administrator.) [When these two flaws are combined, the effects can be devastating. An attacker can use the Internet Explorer flaw to gain a foothold on the system, however limited. Elevation-of-Privileges (Elevation-of-Privileges) flaws can give an attacker administrative privileges to escape the boundaries of a limited account.

Kaspersky said it cannot yet definitively link these attacks to known threat actors, but added that there are indications that a Korean group called DarkHotel may be involved.

DarkHotel has been active for more than a decade and became known in 2014 when Kaspersky researchers discovered it was tracking hotel guests across East Asia. 21]

Interestingly, highly sophisticated attacks on the Korean Peninsula cyberattacks are mostly the work of North Korean state-sponsored hackers, whereas DarkHotel is a South Korean group, presumably backed by the South Korean government itself.

Microsoft also patched another zero-day vulnerability yesterday. Catalog number CVE-2020-1464 is described as an impersonation issue that causes Windows to improperly authenticate file signatures.

This vulnerability has also been exploited, but Microsoft has not disclosed how or by whom. The severity is "critical."

To make sure you are protected against all these flaws, run this month's Patch Tuesday update in Windows Update.

Microsoft released security patches yesterday for a total of 120 different flaws, Windows, Edge, Microsoft Scripting Engine, .NET Framework, SQL Server, Dynamics, Office, NET Framework, SQL Server, Dynamics, Office, and many other products affected.

Of these, 17 flaws were classified as "critical. This is the most severe rating given to a security flaw and puts users at immediate risk of attack. [Jake Moore, a security specialist at ESET, told Tom's Guide, "When updates are rated, the ultra-security conscious will patch them immediately, but procrastinators will skip the less critical ones. might," he said. 'But even some people and companies are keeping their heads firmly on a swivel. [However, whether the assessment is critical or not, it is worth patching and protecting as early as possible. Such vulnerability assessments can be damaging not only to the patching organization, but also to Microsoft.

"Companies could argue to Microsoft that autonomous updates are the best way to stay protected because patches rated as "critical" may actually have been more critical to a particular threat.