Targeted Attacks on Zero-Day Vulnerabilities

11. March, 2019

Google warns of two previously unknown vulnerabilities in Chrome and Windows 7 that are being actively exploited together. Details are being withheld for now in order to protect users.

Two serious vulnerabilities in Chrome/Chromium and Windows allow attackers to compromise a remote system, gain elevated local privileges and subsequently take control of the device. The security update for the CVE-2019-5786 vulnerability in Chrome has already been distributed automatically; Microsoft is still working on a fix for Windows.

Check now: Security Update for Chrome

Thanks to an automatic update on March 1, many devices have already been updated to the patched version of Chrome (72.0.3626.101 or higher). Please check the settings of your browser. Updates are usually applied in the background when the browser is closed and reopened. If the update was not applied automatically, click the three-dot menu at the top right of your browser, then click Update Google Chrome and then Restart. If you don't see this option, you already have the latest version installed. Linux users update Chrome through their distribution's package manager. Check your smartphones as well and update the app in the Play Store or the App Store if necessary. All applications based on Chromium are also likely to be affected.
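The version check above can be scripted for a fleet of Linux machines. The following is an added example written for this page, not code from IKARUS or Google; it assumes the usual Chrome/Chromium binary names on Linux (on Windows and macOS the About page is the authoritative source) and compares the reported version numerically, component by component, against the 72.0.3626.101 fix version named in the article. A naive string comparison gets this wrong, because "99" sorts after "101" as text.

```python
import re
import subprocess

# First Chrome version carrying the fix for CVE-2019-5786 (stated in the article)
PATCHED_VERSION = "72.0.3626.101"


def parse_version(text):
    """Extract a dotted version from strings such as 'Google Chrome 72.0.3626.121'
    or 'Chromium 73.0.3683.75 Built on Ubuntu' and return it as a tuple of ints."""
    match = re.search(r"(\d+(?:\.\d+){0,3})", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(version_text, minimum=PATCHED_VERSION):
    """True if the version found in version_text is >= minimum.
    Components are compared as integers, so 72.0.3626.101 ranks above
    72.0.3626.99 (a plain string comparison would rank them the other way)."""
    found = parse_version(version_text)
    required = parse_version(minimum)
    # Pad the shorter tuple with zeros so '73' compares as '73.0.0.0'
    width = max(len(found), len(required))
    found += (0,) * (width - len(found))
    required += (0,) * (width - len(required))
    return found >= required


def installed_chrome_version(candidates=("google-chrome", "google-chrome-stable",
                                         "chromium", "chromium-browser")):
    """Try the common Linux binary names (assumed, not exhaustive) and return the
    first successful '--version' output, or None if no browser binary is found."""
    for name in candidates:
        try:
            result = subprocess.run([name, "--version"], capture_output=True,
                                    text=True, timeout=10)
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
        if result.returncode == 0 and result.stdout.strip():
            return result.stdout.strip()
    return None


if __name__ == "__main__":
    banner = installed_chrome_version()
    if banner is None:
        print("No Chrome/Chromium binary found on PATH; check the browser's About page instead.")
    else:
        state = "patched" if is_patched(banner) else "VULNERABLE - update now"
        print(f"{banner}: {state} (fix shipped in {PATCHED_VERSION})")
```

Run it on each host and alert on any "VULNERABLE" result; the same `is_patched` function can be fed version strings collected by an inventory tool instead of calling the binary locally.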

Google is still holding back details on the serious flaw. What is known is that it is a bug in the FileReader API that allows attackers to trigger a memory corruption error and use it to load their own code onto the device and execute it.

Windows: Vulnerability is actively exploited

According to Google's security blog, anyone who still uses Windows 7 is also at risk. The vulnerability allows attackers to exploit a null pointer dereference in a Windows kernel driver to elevate their privileges. In combination with the Chrome vulnerability, it should be possible to break out of the browser sandbox and take control of the entire system. Google strongly suspects that only Windows 7 is affected and therefore advises its users to update to Windows 10 if possible.

Be sure to enable automatic software updates and restart your devices regularly so that these updates can be installed!

IKARUS Security Software GmbH, Vienna