12.08.2021 Field Effect discovers 0-day Windows security vulnerabilities

by Field Effect

Vulnerable software gives attackers the ultimate advantage — putting all businesses at risk. 

Today, we’re excited to share news about our security research team’s recent discovery of a tranche of critical 0-day security vulnerabilities, and our recommendation that Microsoft Windows users take fast action to apply the available updates.

The vulnerabilities — in Windows Vista/Server 2008 and above — could be exploited to gain kernel-level privilege to facilitate ransomware or other serious cyber attacks.    

Outdated operating systems have been shown to be more vulnerable to cyber threats, enabling cyber criminals to take advantage of security gaps and launch attacks. 

According to our Founder, CEO, and CTO Matt Holland, the impact of these vulnerabilities, if exploited, would be similar to upgrading an attacker’s weaponry from a tank to a nuclear weapon. 

“Once attackers have access to the kernel, they can bypass traditional security controls and move deeply into operating systems, applications, and more. The attack scenarios are limitless with this level of access and control,” explains Matt. 

The first of the vulnerabilities has been patched  

After our team responsibly disclosed our research findings to Microsoft in early May 2021, Microsoft issued a patch for the first vulnerability, CVE-2021-34514, in its Patch Tuesday update on July 13, 2021. CVE-2021-34514 has a high severity rating, with a CVSS 3.0 base score of 7.8. Patches for the remaining vulnerabilities will be scheduled by Microsoft in the fall.

The CVE-2021-34514 vulnerability was discovered by Erik Egsgard, principal security researcher at Field Effect. It is a race condition vulnerability and resides in the Advanced Local Procedure Call (ALPC) facility of the Windows kernel (ntoskrnl.exe). ALPC was introduced with Windows Vista, which was released in 2007. 

We have confirmed that the vulnerability has been present since then, making almost every computer running Windows in the world vulnerable. 

Field Effect customers are protected with Covalence MDR Solution 

Today’s news underscores the importance of keeping software and systems updated and prioritizing security.  

At Field Effect, more than 50% of our revenue is invested in research and development to continually support innovation for our cyber security products and services. As a result, customers using our Covalence threat monitoring, detection, blocking, and response (MDR) solution are protected from these vulnerabilities.

“This vulnerability, along with others, was discovered over a one-week period while doing R&D for Covalence, our MDR solution. This is a testament to the deep expertise of our threat intelligence team, operating with an attacker’s mindset,” says Matt. “We continuously push the limits on attacker techniques and methodologies and build counter-measures right into our products and services, ensuring our clients are fully protected. This ensures that Covalence is always ready for when actual attackers discover and weaponize these techniques.”

These discoveries provide tangible evidence of our cyber security prestige. We know that software vulnerabilities are a huge contributor to breaches, and this is evidence that our security research team is made up of the best vulnerability researchers in the world.  

This expertise is what goes into building our products and protecting our customers. Everything we learn through R&D, our incident response service, and the expertise of people who were previously tasked with protecting national critical infrastructure feeds directly into the product we build. And with Covalence, our customers are protected from these types of vulnerabilities.

It’s important to stay updated on the latest security news and best practices — get started today by signing up for our newsletter below. 
