May 21, 2020

Zero Day Initiative Researchers Publish Five Windows Zero Days

Security researchers working with the Zero Day Initiative (ZDI) of Trend Micro have released information on five unpatched vulnerabilities in Microsoft Windows, including four that were considered high risk.

The first three of these zero-day vulnerabilities could enable an attacker to escalate privileges on the affected device, tracked as CVE-2020-0916, CVE-2020-0986 and CVE-2020-0915, and featuring a CVSS score of 7.0

In the user-mode printer driver host process splwow64.exe, the security flaws have been identified and exist because the user-supplied input is not validated properly before being dereferenced as a pointer.

Adversaries trying to exploit these security vulnerabilities will first need to gain access to the network with little privilege. Successful exploitation would allow them to execute code at medium integrity within the context of the current user.

The same splwow64.exe host mechanism for the user-mode printer driver was also found vulnerable to a flaw in the disclosure of details of low severity. Tracked as CVE-2020-0915 and with a CVSS score of 2.5, the problem stems from the same lack of user-supplied value validation before being dereferenced as a pointer.

Microsoft was informed in December 2019 of the existence of these vulnerabilities and was aiming to release a patch on May 2020 Patch Tuesday but missed the deadline. Security researchers were provided with only beta fixes, for testing.

A flaw in managing WLAN link profiles that do not have a CVE identifier is also featuring a CVSS score of 7.0 and allows attackers to escalate privileges.

“An attacker can disclose credentials to the machine account by creating a malicious profile. This weakness can be leveraged by an attacker to elevate privileges and execute code in an administrator context, “ZDI notes.

The security researchers also reported that Microsoft was told in January about the vulnerability, but said a patch would not be released for the problem.

Leave a Reply

Your email address will not be published. Required fields are marked *