Windows 7 exploit - critical fix July 2019

July 16th, 2019 by Stephen Jones

Microsoft’s latest servicing stack update (SSU) helps fix a bug in Secure Boot that interferes with Windows’ BitLocker encryption system. The updates are available from the Microsoft Update Catalog or through Windows Server Update Services (WSUS).

Microsoft said it “strongly recommends” that users and admins install this latest SSU before installing the latest cumulative update, which was released along with this month’s Patch Tuesday updates. This month’s updates bring a fix for a Win32k zero-day, marked as CVE-2019-1132, which was part of an attack used by Kremlin-backed hackers. ESET researcher Anton Cherepanov found the exploit for the flaw, which doesn’t affect Windows 10 or Windows 8 but does impact older versions including Windows 7 SP1, Windows Server 2008 SP2, and Windows Server R2 SP1. Cherepanov noted that the technique used in the current exploit is “very similar” to one used before 2017 by the advanced hacking group called Sednit, aka Fancy Bear, APT28, STRONTIUM, and Sofacy. Windows 8 and later block a key component of the exploit chain, which is why the flaw only affects earlier supported versions of Windows. He notes that Microsoft back-ported the Windows 8 mitigation to Windows 7 for x64-based systems.

Bugs like this are one reason Windows 7 users should follow Microsoft’s advice to upgrade. Those who still use Windows 7 for 32-bit systems Service Pack 1 should update to newer operating systems, since extended support of Windows 7 Service Pack 1 ends on January 14, 2020. After that date, Windows 7 users will no longer receive critical security updates, so vulnerabilities like this one will stay unpatched forever.

This is not the only fix – the Microsoft patches address 77 security flaws, including 15 rated “critical.”

In May this year patches were also released for BlueKeep. Its ability to automatically spread from one vulnerable machine to another could be exploited in an attack on the same global scale as WannaCry, whose worm capabilities were enabled by EternalBlue, the leaked NSA exploit for the SMBv1 file-sharing protocol. The NSA urged admins to patch the flaw and change configurations to prevent potential attacks. Its warning followed research that found that at least one million Windows computers were still vulnerable to BlueKeep. The NSA said it was “likely only a matter of time” before attacks emerged.
