Defense Digests
Following the recent release of Windows 10 patches (January 11, 2022), security researchers have created a proof-of-concept exploit that allows a user to escalate their privileges to administrator through a specific vulnerable driver. This exploit was demonstrated to be highly effective and easy to use, making it a significant threat. The vulnerability allows any regular, unprivileged Windows 10 user to elevate their privileges easily. A malicious attacker could use this exploit to move laterally to other machines in the network, execute commands as an administrator, and ultimately compromise your corporate environment.
Many administrators have not applied the January 2022 updates containing the patch for this Win32k Elevation of Privilege Vulnerability because of the significant number of critical bugs introduced by those updates, including unexpected reboots, L2TP VPN problems, inaccessible ReFS volumes, and Hyper-V issues. This means the attack surface for this vulnerability is very large and needs to be addressed immediately.
This vulnerability affects all supported versions of Windows 10 before the January 2022 Patch Tuesday updates.
A malicious threat actor could make kernel calls from user mode via the appropriate application programming interfaces (APIs), then intercept the callback. The intercepted callback is then modified, but unpatched systems do not check for this change. With the resulting type confusion, the attacker can read from and write to out-of-bounds memory locations, which can result in privilege escalation.
Context of the vulnerability (from the February 2021 release): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
By intercepting the callback from a user-mode GUI API call such as xxxTooltipWndProc, attackers can use NtUserConsoleControl to set the ConsoleWindow flag of the tagWND object. This change to the window type is not detected in the unpatched versions, and incorrect data is referenced because of the type confusion: the system then treats tagWND.WndExtra as an offset into the kernel desktop heap. By controlling this offset, the attacker can read and write out of bounds, enabling escalation of local privileges.
Patch systems immediately to OS Builds 22000.434, 19042.1466, 19043.1466, and 19044.1466. This patch adds a check that makes the process described above fail (the check returns false).
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009566-os-build-22000-434-eee797fa-5ee3-4501-aeec-db3bc73b2c7b
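As an added example (not part of the Dataprise digest and not Microsoft's code), the following PowerShell script compares a machine's OS build against the patched builds listed above and reports it as Patched, Vulnerable, or Unknown. The function names, the output object shape, and the version labels in the build table are the editor's own; the registry values CurrentBuildNumber and UBR are the same ones winver reads. Major builds the digest does not list are reported as Unknown rather than guessed.

```powershell
# Added example: check OS build against the patched builds named in the digest
# (22000.434, 19042.1466, 19043.1466, 19044.1466). Not from the original digest.

# Minimum Update Build Revision (UBR) per major build that carries the fix.
# Version labels are the editor's annotation, not from the digest.
$PatchedUbr = @{
    '22000' = 434    # Windows 11 21H2
    '19042' = 1466   # Windows 10 20H2
    '19043' = 1466   # Windows 10 21H1
    '19044' = 1466   # Windows 10 21H2
}

function Test-Win32kPatchLevel {
    [CmdletBinding()]
    param(
        # Major build as a string, e.g. '19044' (CurrentBuildNumber in the registry)
        [Parameter(Mandatory)][string]$Build,
        # Update Build Revision, e.g. 1466 (UBR in the registry)
        [Parameter(Mandatory)][int]$Ubr
    )
    if (-not $PatchedUbr.ContainsKey($Build)) {
        # Builds not listed in the digest (older Windows 10 releases, Windows
        # Server) are surfaced as Unknown so they get checked against the KB list.
        return [pscustomobject]@{
            Build       = "$Build.$Ubr"
            Status      = 'Unknown'
            RequiredUbr = $null
        }
    }
    $required = $PatchedUbr[$Build]
    # A later cumulative update (higher UBR) includes the January fix.
    $status = if ($Ubr -ge $required) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{
        Build       = "$Build.$Ubr"
        Status      = $status
        RequiredUbr = $required
    }
}

function Get-Win32kPatchLevel {
    [CmdletBinding()]
    param(
        # Hosts to query over PowerShell remoting; omit for the local machine.
        [string[]]$ComputerName
    )
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $reader = { Get-ItemProperty -Path $using:key | Select-Object CurrentBuildNumber, UBR }

    if (-not $ComputerName) {
        $cv = Get-ItemProperty -Path $key
        return Test-Win32kPatchLevel -Build $cv.CurrentBuildNumber -Ubr ([int]$cv.UBR) |
            Add-Member -NotePropertyName Computer -NotePropertyValue $env:COMPUTERNAME -PassThru
    }

    foreach ($host in $ComputerName) {
        try {
            # Only the two registry values cross the wire; evaluation stays local,
            # so the remote side needs nothing but Get-ItemProperty.
            $cv = Invoke-Command -ComputerName $host -ScriptBlock $reader -ErrorAction Stop
            Test-Win32kPatchLevel -Build $cv.CurrentBuildNumber -Ubr ([int]$cv.UBR) |
                Add-Member -NotePropertyName Computer -NotePropertyValue $host -PassThru
        }
        catch {
            [pscustomobject]@{ Computer = $host; Build = $null; Status = "Error: $($_.Exception.Message)"; RequiredUbr = $null }
        }
    }
}

# Local check:
Get-Win32kPatchLevel

# Fleet check (host names are placeholders); list only the machines still exposed:
# Get-Win32kPatchLevel -ComputerName 'ws-01','ws-02' |
#     Where-Object Status -ne 'Patched' | Format-Table Computer, Build, Status, RequiredUbr
```

The comparison is "UBR at or above the listed revision for the same major build", which is what the digest's build list implies: any later cumulative update on that branch already contains the January fix, so a machine that has since moved to a newer monthly update is correctly reported as Patched.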
To distinguish which of the two vulnerabilities you are looking at:
When the stack path is xxxCreateWindowEx -> xxxClientallocxxxxExtraBytes, it is CVE-2021-1732.
In other cases it is CVE-2022-21882.
Prerequisite: download the latest servicing stack update (SSU) for your operating system together with the latest cumulative update (LCU).
For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:
This update will automatically sync with WSUS if you configure Products and Classifications as follows:
Product: Windows 11