CIO Influence

Field Effect Finds Kernel Elevation Of Privilege Vulnerabilities in Almost Every Version Of Microsoft Windows Currently Used


Patches released for one high severity bug so far, CVE-2021-34514

Field Effect, a global cyber security company specializing in intelligence-grade protection for small and mid-sized businesses, recommends Microsoft Windows users take fast action to make updates following the discovery of a tranche of critical zero-day security vulnerabilities by the company’s security research team. The vulnerabilities — in Windows Vista/Server 2008 and above — could be exploited to gain kernel-level privilege to facilitate ransomware or other serious cyber attacks. The first of these vulnerabilities was recently patched by Microsoft.


After Field Effect responsibly disclosed its research findings to Microsoft in early May 2021, Microsoft issued patches for the first vulnerability, CVE-2021-34514, in its Patch Tuesday update on July 13, 2021. CVE-2021-34514 has a high-severity CVSS 3.0 score of 7.8. Patches for the remaining vulnerabilities will be scheduled by Microsoft in the fall.

“The potential impact from these native kernel privilege escalation vulnerabilities, if exploited, would be similar to upgrading an attacker’s weaponry from a tank to a nuclear weapon,” said Matt Holland, Founder, CEO, and CTO of Field Effect. “Once attackers have access to the kernel, they can bypass traditional security controls and move deeply into operating systems, applications, and more. The attack scenarios are limitless with this level of access and control.”

The CVE-2021-34514 vulnerability was discovered by Erik Egsgard, Field Effect’s principal security researcher. It is a race condition vulnerability and resides in the Advanced Local Procedure Call (ALPC) facility of the Windows kernel (ntoskrnl.exe). ALPC was introduced with Windows Vista, which was released in 2007. Field Effect has confirmed that the vulnerability has been present since then, making almost every computer running Windows in the world vulnerable.

Patches issued for CVE-2021-34514 also included 19 for Windows 10 and two for Windows 7 versions, as well as associated Windows Server versions. Windows 7, no longer supported by Microsoft but known to be the second most popular Windows operating system, is still running on an estimated 100 million PCs. Outdated operating systems have been shown to be more vulnerable to cyber threats, enabling cyber criminals to take advantage of security gaps and launch attacks.


news underscores the importance of keeping software and systems updated and prioritizing security. At Field Effect, more than 50% of the company’s revenue is invested in R&D to continually support innovation for its cyber security products and services. As a result, Field Effect customers using the company’s Covalence threat monitoring, detection, blocking, and response (MDR) solution are protected from these vulnerabilities.

“This vulnerability, along with others, were discovered over a one-week period while doing R&D for Covalence, our MDR solution. This is a testament to the deep expertise of our threat intelligence team, operating with an attacker’s mindset,” said Holland. “We continuously push the limits on attacker techniques and methodologies and build counter-measures right into our products and services, ensuring our clients are fully protected. This ensures that Covalence is always ready for when actual attackers discover and weaponize these techniques.”

