All Windows users should update immediately as ‘Complete Control’ hack is confirmed



Quote

A couple of weeks back, researchers from cybersecurity firm Eclypsium revealed that almost all the major hardware manufacturers have a flaw that can allow malicious applications to gain kernel privileges at the user level, thereby gaining direct access to firmware and hardware.

The researchers released a list of BIOS vendors and hardware manufacturers which included Toshiba, ASUS, Huawei, Intel, Nvidia and more. The flaw also affects all the new versions of Windows which includes Windows 7, 8, 8.1 and Windows 10. While Microsoft has already released a statement confirming that Windows Defender is more than capable of handling the issue, they didn’t mention that users need to be on the latest version of Windows to take benefit of the same. For older versions of Windows, Microsoft noted that it will be using HVCI (Hypervisor-enforced Code Integrity) capability to blacklist drivers that are reported to them. Unfortunately, this feature is only available on 7th generation and later Intel processors; so older CPUs, or newer ones where HVCI is disabled, require the drivers to be manually uninstalled.

If this wasn’t enough bad news, hackers have now managed to use the flaw to exploit the users. Remote Access Trojan or RAT has been around for years but recent developments have made it more dangerous than ever. The NanoCore RAT used to sell on Dark Web for $25 but was cracked back in 2014 and the free version was made available to the hackers. After this, the tool got sophisticated as new plugins were added to it. Now, researchers from LMNTRX Labs have discovered a new addition that allows hackers to take advantage of the flaw and the tool is now available for free on the Dark Web.

In case you were underestimating the tool, it can allow a hacker to remotely shut down or reboot the system, remotely browse files, access and control the Task Manager, Registry Editor, and even the mouse. Not only that, but the attacker can also open web pages, disable the webcam activity light to spy on the victim unnoticed and capture audio and video. Since the attacker has full access to the computer, they can also recover passwords and obtain login credentials using a keylogger as well as lock the computer with custom encryption that can act like ransomware.

Source: https://mspoweruser.com/all-windows-users-should-update-immediately-as-complete-control-hack-is-confirmed/?fbclid=IwAR0h_flNhOJ8J8at8_MyxFcufW6Ao5uiL_ojgLqVK47WZ175Mj7EUlLHGI8

 

:ermm:


Quote

Overall, these detection techniques apply for organizations and for personal/home users, the best thing to do right now is to update every piece of software to make sure it’s running on the latest version. This includes Windows drivers, 3rd party software and even Windows Updates. Most importantly, don’t download or open any suspicious email or install any 3rd party software from an unknown vendor.

The average user is ####ed.

 

Run patchmypc on their machine and it's pretty much all red, like it wants to update almost every piece of software it knows about on the machine.
