Researchers from the Trend Micro Zero Day Initiative (ZDI) have published details of five unpatched zero-day vulnerabilities in Windows, four of which are rated high severity.
Three of the zero-days, assigned CVE-2020-0916, CVE-2020-0986 and CVE-2020-0915, score 7.0 out of a possible 10 on the CVSS vulnerability rating scale.
“Essentially, these three problems can allow an attacker to increase their privileges in a vulnerable system to the level of the current user. Fortunately, attackers who decide to exploit these bugs will first have to gain low-privileged access to the target system,” ZDI experts report.
All three stem from the user-mode printer driver host process, splwow64.exe: a user-supplied value is dereferenced as a pointer without first being validated.
The same process, splwow64.exe, is affected by a fourth, less serious problem. That vulnerability scored only 2.5 on the CVSS scale and also results from missing validation of user-supplied data.
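The bug class described above, a privileged process dereferencing a caller-controlled value as a pointer without validating it, is illustrated by the following constructed example. It is not the splwow64.exe code or ZDI's finding: the message format, field names and sizes are all assumptions made for the illustration. A privileged handler receives a message from a less-privileged caller and uses an offset in that message to locate a record inside the message body; the unchecked version forms the pointer blindly, the hardened version verifies alignment and range before touching memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed message layout (assumption, not a real Windows structure):
 * a caller-controlled offset followed by a fixed-size body. */
#define MSG_BODY_SIZE 64

struct record {
    uint32_t id;
    uint32_t value;
};

struct message {
    uint32_t record_offset;        /* attacker-controlled */
    uint8_t  body[MSG_BODY_SIZE];  /* attacker-controlled contents */
};

/* Vulnerable handler: trusts record_offset and dereferences the resulting
 * pointer. A large offset turns this into an out-of-bounds read (or, with a
 * matching write path, a memory-corruption primitive) in the privileged
 * process. Only ever call this with a known-good message. */
uint32_t handle_unchecked(const struct message *m)
{
    const struct record *r =
        (const struct record *)(m->body + m->record_offset);
    return r->value;
}

/* Hardened handler: validates the offset before a pointer is formed.
 * Returns 0 and stores the value on success, -1 if the message is rejected. */
int handle_checked(const struct message *m, uint32_t *out)
{
    uint32_t off = m->record_offset;

    /* The record must be naturally aligned for its 32-bit fields. */
    if (off % sizeof(uint32_t) != 0)
        return -1;

    /* The whole record must lie inside body. Written as a subtraction on the
     * constant side so the comparison cannot overflow. */
    if (off > MSG_BODY_SIZE - sizeof(struct record))
        return -1;

    struct record r;
    memcpy(&r, m->body + off, sizeof r);  /* copy out, never alias caller memory */
    *out = r.value;
    return 0;
}

/* Builds a constructed message; the record is only placed if it fits. */
struct message make_message(uint32_t offset, uint32_t id, uint32_t value)
{
    struct message m;
    memset(&m, 0, sizeof m);
    m.record_offset = offset;
    if (offset <= MSG_BODY_SIZE - sizeof(struct record)) {
        struct record r = { id, value };
        memcpy(m.body + offset, &r, sizeof r);
    }
    return m;
}

int main(void)
{
    uint32_t v = 0;
    struct message good = make_message(8, 1, 0xC0FFEE);
    struct message bad  = make_message(0xFFFFFFF0u, 1, 2);

    printf("good, checked:   rc=%d value=0x%X\n", handle_checked(&good, &v), v);
    printf("bad,  checked:   rc=%d (rejected)\n", handle_checked(&bad, &v));
    /* handle_unchecked(&bad) would read far outside the message. */
    return 0;
}
```

The important detail is where the check sits: the offset is validated before any pointer derived from it exists, and the record is copied out of the caller-controlled buffer rather than used in place, which also closes the time-of-check/time-of-use window if the caller can still write to the buffer.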
The researchers write that they notified Microsoft of these problems in December 2019, and the company intended to ship patches in the May “Update Tuesday” release. However, its engineers missed that deadline; so far only beta versions of the patches have been provided to the ZDI researchers for testing, and end users have received no fixes.
ZDI also disclosed another vulnerability, which has no CVE identifier. This bug allows attackers to increase their privileges and relates to how the system processes WLAN connection profiles. The researchers estimate it at roughly 7 on the CVSS scale. Here too, the attacker must first gain access to the target system before the problem can be exploited.
“By creating a malicious profile, an attacker can receive credentials for a computer account. An attacker can use this vulnerability to increase their privileges and execute code with administrator rights,” the experts say.
Interestingly, Microsoft engineers do not intend to fix this problem at all, at least not in the near future.
We have already covered one such protracted zero-day fix in Internet Explorer; that one was eventually patched, but only after cybercriminals were already actively exploiting the vulnerability.