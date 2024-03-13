
Windows Bug Exploited For Six Months
A Windows bug patched last month had been exploited for six months by hackers linked to North Korea. Microsoft reportedly knew about it and the delay in fixing it may have been down to internal bureaucracy.
Security company Avast found the bug last August and reported it to Microsoft. At the time it was already a zero-day bug, meaning there was evidence hackers not only knew about the bug but were taking advantage of it. That meant Microsoft had "zero days" head start in coming up with a fix and rolling it out before hackers exploited it.
Microsoft released a fix in the February "Patch Tuesday" update but didn't publicly confirm it had been exploited until the end of the month.
North Korea Behind Attacks
According to Avast, members of the Lazarus hacking group were exploiting the bug. They are thought to be backed by North Korea and their purpose is to cause trouble for other countries and raise funds for the totalitarian state, which is subject to severe restrictions on international trade.
Microsoft has said the risk is that attackers could get "system" level access in limited circumstances, but would need to be logged on to the system in the first place. In simple terms, system level access, also called kernel-level access, means having the same access to the computer that Windows itself has. (Source: bleepingcomputer.com)
Avast says the big problem is Microsoft doesn't consider the move from having administrator access to Windows to having kernel access to be a "security boundary" and thus doesn't treat such bugs as the highest priority.
Hackers Disable Security Tools
According to Avast, that's led to a major problem because the Lazarus hackers are able to use the kernel access to disable security software. They can then install malware known as rootkits which not only have the potential to control the operating system itself, but could do so undetected. (Source: arstechnica.com)
Ultimately, the dispute comes down to a simple difference in views: Avast says hackers being able to go from administrator access to kernel access is a major danger, while Microsoft says it's not a priority problem because it's so difficult to get administrator access remotely in the first place. Avast's revelations about the hackers' extended period exploiting this bug suggest its viewpoint has proven more relevant.
What's Your Opinion?
Should Microsoft warn the public as soon as it knows a bug is being exploited? Which should software firms prioritize: bugs that are easier to exploit or bugs that could cause more damage when exploited? Are manufacturers of security software a trustworthy source on the level of risk?
Comments
But when did M$ know?
Avast told them in August but MS could well have known months before then if it took them 6 months from August to bother to fix it!
So what to do now?!
Not being an expert, I want to know how to check that I don't have the malware. I see that I got the patch update last month. Anything I can run to check on this mess?
Thanks,
Annie