Field Effect, a global cyber security company specialising in intelligence-grade protection for small and mid-sized businesses, recommends Microsoft Windows users take fast action to make updates following the discovery of a tranche of critical zero-day security vulnerabilities by the company’s security research team.
The vulnerabilities — in Windows Vista/Server 2008 and above — could be exploited to gain kernel-level privilege to facilitate ransomware or other serious cyber attacks. The first of these vulnerabilities was recently patched by Microsoft.
After Field Effect responsibly disclosed its research findings to Microsoft in early May 2021, Microsoft issued patches for the first vulnerability CVE-2021-34514, in its Patch Tuesday update on July 13, 2021. CVE-2021-34514 has a high severity score of CVSS: 3.0 score 7.8. Patches for the remaining vulnerabilities will be scheduled by Microsoft in the autumn.
“The potential impact from these native kernel privilege escalation vulnerabilities, if exploited, would be similar to upgrading an attacker’s weaponry from a tank to a nuclear weapon,” said Matt Holland, Founder, CEO, and CTO of Field Effect. “Once attackers have access to the kernel, they can bypass traditional security controls and move deeply into operating systems, applications, and more. The attack scenarios are limitless with this level of access and control.”
Also Read: Using AI for Video Marketing
The CVE-2021-34514 vulnerability was discovered by Erik Egsgard, Field Effect’s principal security researcher. It is a race condition vulnerability and resides in the Advanced Local Procedure Call (ALPC) facility of the Windows kernel (ntoskrnl.exe). ALPC was introduced with
Windows Vista, which was released in 2007. Field Effect has confirmed that the vulnerability has been present since then, making almost every computer running Windows in the world vulnerable.
Patches issued for CVE-2021-34514 also included 19 for Windows 10 and two for Windows 7 versions, as well as associated Windows Server versions. Windows 7, no longer supported by Microsoft but known to be the second most popular Windows operating system, is still running on an estimated 100 million PCs. Outdated operating systems have been shown to be more vulnerable to cyber threats, enabling cyber criminals to take advantage of security gaps and launch attacks.
This news underscores the importance of keeping software and systems updated and prioritising security. At Field Effect, more than 50 per cent of the company’s revenue is invested in R&D to continually support innovation for its cybersecurity products and services. As a result, Field Effect customers using the company’s Covalence threat monitoring, detection, blocking, and response (MDR) solution, are protected from these vulnerabilities.
“This vulnerability, along with others, were discovered over a one-week period while doing R&D for Covalence, our MDR solution. This is a testament to the deep expertise of our threat intelligence team, operating with an attacker’s mindset,” said Holland. “We continuously push the limits on attacker techniques and methodologies and build counter-measures right into our products and services, ensuring our clients are fully protected. This ensures that Covalence is always ready for when actual attackers discover and weaponize these techniques.”
