Advisory on Windows Vulnerabilities

Risk: high
Damage: high
Platform(s): Microsoft® Windows OS
Advisory ID: ngCERT-2021-0031
Version: N/A
CVE: N/A
Published: February 25, 2021

Summary


Cybercriminals are actively exploiting weaknesses in Windows to deploy malware. Windows has been a direct target of malware attacks: according to the latest findings, more than 80% of detected malware is from Windows. Among others, this includes two updated versions of the LodaRAT malware, the TrickBot malware and the Zerologon flaws.

Description & Consequence


The Windows Operating System (OS) is the most popular operating system, used by more than 75% of desktop users, and it has become one of the products most targeted by cyberattacks. Windows has been a direct target of malware attacks: according to the latest findings, more than 80% of detected malware is from Windows. Two updated versions of the LodaRAT malware were discovered targeting Windows users. The attack vector in these attacks was spam email with links to malicious applications or documents. In addition, the previously reported TrickBot malware has returned in a newer version, which uses the Windows Task Scheduler as its mechanism for reloading the malware.

Meanwhile, cybersecurity experts have warned against the continued use of Windows 7, which reached end-of-life on January 14, 2020, in order to minimize the impact of the several attacks on Windows products. Microsoft advised updating systems to address the critical Zerologon flaw (tracked as CVE-2020-1472). This vulnerability allows an attack against Microsoft Active Directory domain controllers.

Successful exploits could allow an attacker to carry out the following:

  • Access to sensitive information
  • Privilege escalation
  • Denial of service
  • Remote code execution
  • Exposure to blind TCP/IP hijacking attacks
  • Attack against Microsoft Active Directory domain controllers

Solution


  1. Users are advised to discontinue the use of Windows 7, which reached end-of-life on January 14, 2020.
  2. Keep the Windows Operating System (OS) regularly updated with the latest updates.
  3. Use up-to-date anti-malware software.
  4. Do not open emails that come from untrusted sources.
  5. Microsoft has also advised updating systems to address the critical Zerologon flaw (tracked as CVE-2020-1472).
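
The Description notes that the newer TrickBot version relies on the Windows Task Scheduler to reload itself. The following is an added example, not part of the ngCERT advisory: a Python triage script that parses exported task definitions (the XML format printed by `schtasks /query /xml`) and flags actions that run from user-writable locations. The directory patterns, the function name and both sample tasks are assumptions constructed for illustration and are not TrickBot indicators.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: locations a standard user can usually write to; tune per environment.
USER_WRITABLE = re.compile(
    r"\\appdata\\|\\users\\public\\|\\programdata\\|\\temp\\"
    r"|%(appdata|localappdata|temp|tmp|public|programdata)%", re.IGNORECASE)
# Triggers that start a task again without the user doing anything.
AUTO_TRIGGERS = {"BootTrigger", "LogonTrigger", "TimeTrigger", "CalendarTrigger"}

# Constructed sample task definitions (not taken from any real incident).
SUSPECT_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <TimeTrigger><StartBoundary>2021-02-01T09:00:00</StartBoundary></TimeTrigger>
  </Triggers>
  <Actions><Exec><Command>C:\Users\alice\AppData\Roaming\sample\updater.exe</Command></Exec></Actions>
</Task>"""
BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2021-02-01T01:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions><Exec><Command>%windir%\system32\defrag.exe</Command><Arguments>-c -h -o</Arguments></Exec></Actions>
</Task>"""


def audit_task(xml_text):
    """Return one finding per Exec action that runs from a user-writable location."""
    root = ET.fromstring(xml_text)
    # Trigger tags arrive as "{namespace}LogonTrigger"; keep only the local name.
    triggers = {el.tag.split("}")[-1] for el in root.findall("t:Triggers/*", NS)}
    findings = []
    for action in root.findall("t:Actions/t:Exec", NS):
        command = (action.findtext("t:Command", "", NS) or "").strip()
        arguments = (action.findtext("t:Arguments", "", NS) or "").strip()
        # Check arguments too: a system binary may be used to launch a dropped file.
        if USER_WRITABLE.search(command + " " + arguments):
            findings.append({
                "command": command,
                "arguments": arguments,
                "auto_triggers": sorted(triggers & AUTO_TRIGGERS),
            })
    return findings


if __name__ == "__main__":
    for name, xml_text in (("suspect", SUSPECT_TASK), ("benign", BENIGN_TASK)):
        print(name, audit_task(xml_text))
```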
