Field Effect Finds Kernel Elevation of Privilege Vulnerabilities in Almost Every Version of Microsoft Windows Currently Used
Patches released for one high severity bug so far, CVE-2021-34514 .
August 13, 2021
PRESS RELEASE
OTTAWA, ON, Aug. 12, 2021 /PRNewswire/ - Field Effect, a global cyber security company specializing in intelligence-grade protection for small and mid-sized businesses, recommends Microsoft Windows users take fast action to make updates following the discovery of a tranche of critical zero-day security vulnerabilities by the company's security research team. The vulnerabilities — in Windows Vista/Server 2008 and above — could be exploited to gain kernel-level privilege to facilitate ransomware or other serious cyber attacks. The first of these vulnerabilities was recently patched by Microsoft.
After Field Effect responsibly disclosed its research findings to Microsoft in early May 2021, Microsoft issued patches for the first vulnerability CVE-2021-34514, in its Patch Tuesday update on July 13, 2021. CVE-2021-34514 has a high severity score of CVSS: 3.0 score 7.8. Patches for the remaining vulnerabilities will be scheduled by Microsoft in the fall.
"The potential impact from these native kernel privilege escalation vulnerabilities, if exploited, would be similar to upgrading an attacker's weaponry from a tank to a nuclear weapon," said Matt Holland, Founder, CEO, and CTO of Field Effect. "Once attackers have access to the kernel, they can bypass traditional security controls and move deeply into operating systems, applications, and more. The attack scenarios are limitless with this level of access and control."
The CVE-2021-34514 vulnerability was discovered by Erik Egsgard, Field Effect's principal security researcher. It is a race condition vulnerability and resides in the Advanced Local Procedure Call (ALPC) facility of the Windows kernel (ntoskrnl.exe). ALPC was introduced with
Windows Vista, which was released in 2007. Field Effect has confirmed that the vulnerability has been present since then, making almost every computer running Windows in the world vulnerable.
Patches issued for CVE-2021-34514 also included 19 for Windows 10 and two for Windows 7 versions, as well as associated Windows Server versions. Windows 7, no longer supported by Microsoft but known to be the second most popular Windows operating system, is still running on an estimated 100 million PCs. Outdated operating systems have been shown to be more vulnerable to cyber threats, enabling cyber criminals to take advantage of security gaps and launch attacks.
Today's news underscores the importance of keeping software and systems updated and prioritizing security. At Field Effect, more than 50% of the company's revenue is invested in R&D to continually support innovation for its cyber security products and services. As a result, Field Effect customers using the company's Covalence threat monitoring, detection, blocking, and response (MDR) solution, are protected from these vulnerabilities.
"This vulnerability, along with others, were discovered over a one-week period while doing R&D for Covalence, our MDR solution. This is a testament to the deep expertise of our threat intelligence team, operating with an attacker's mindset," said Holland. "We continuously push the limits on attacker techniques and methodologies and build counter-measures right into our products and services, ensuring our clients are fully protected. This ensures that Covalence is always ready for when actual attackers discover and weaponize these techniques."
To download the CVE-2021-34514 patches, access the Microsoft Security Update Guide here.
About Field Effect
Field Effect believes businesses of all sizes deserve powerful cyber security solutions to protect them. The company's threat monitoring and protection, incident response, security training, and consulting services are the result of years of research and development by the brightest talents in the cyber security industry. For more information, visit www.fieldeffect.com.
You May Also Like