Kaspersky discovered and intercepted a chain attack by hackers that used two unknown vulnerabilities in new builds of Windows 10 and Internet Explorer 11.
The cybersecurity firm discovered the vulnerabilities during an attempted attack on a South Korean company in May 2020. Kaspersky’s software prevented the success of the attack, but reported the vulnerabilities to Microsoft.
No ad to show here.
Microsoft then patched these vulnerabilities on 9 June and 11 August.
The rare attack used exploits in the latest versions of Windows 10 — rather than relying on old vulnerabilities.
“What is particularly interesting in the discovered attack is that the previous exploits we found were mainly about elevation of privileges. However, this case includes an exploit with remote code execution capabilities — which is more dangerous,” Boris Larin, security expert at Kaspersky, said in a statement.
“Coupled with the ability to affect the latest Windows 10 builds, the discovered attack is truly a rare thing nowadays.”
Operation PowerFall: how hackers exploited Windows 10
Kaspersky has dubbed the attack Operation PowerFall and detailed how the two-part hack works.
The Windows 10 vulnerability allowed cybercriminals to elevate their user privileges on a computer. Meanwhile, the Internet Explorer 11 exploit allowed them to execute code remotely.
“Since Internet Explorer works in an isolated environment, attackers needed more privileges on the infected machine. That is the reason they needed the second exploit, found in Windows and using a vulnerability in the printer service,” Kaspersky said.
Microsoft has since separately patched each vulnerability.
To prevent hackers using Operation PowerFall to infect your computer, you should install the latest Windows 10 and Internet Explorer 11 patches immediately.
Even if you use another browser, you should update your Windows 10 build to patch the vulnerability. This prevents hackers from using the exploit in another way to target your computer.
Kaspersky also encourages businesses to use security software to protect their devices.
You can get more detail on the attack on the Securelist website.
With more people working from home, cybercriminals are targeting businesses through their employees.
Hackers have are even using streaming services as a lure due to increase use during the pandemic. Meanwhile, SARS eFiling scams are showing up during South Africa’s tax season to take advantage of taxpayers.
Feature image: freestocks on Unsplash