{"id":3541,"date":"2019-07-16T11:30:26","date_gmt":"2019-07-16T08:30:26","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=3541"},"modified":"2019-07-16T11:46:47","modified_gmt":"2019-07-16T08:46:47","slug":"windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/","title":{"rendered":"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks"},"content":{"rendered":"\n<p>In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe.<\/p>\n\n\n\n<p>The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the&nbsp;<code>win32k.sys<\/code>&nbsp;component. Once the exploit was discovered and analyzed, it was reported to the Microsoft Security Response Center, who promptly fixed the vulnerability and released a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2019-1132\" target=\"_blank\">patch<\/a>.<\/p>\n\n\n\n<p>The vulnerability affects the following Windows versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Windows 7 for 32-bit Systems Service Pack 1<\/li><li>Windows 7 for x64-based Systems Service Pack 1<\/li><li>Windows Server 2008 for 32-bit Systems Service Pack 2<\/li><li>Windows Server 2008 for Itanium-Based Systems Service Pack 2<\/li><li>Windows Server 2008 for x64-based Systems Service Pack 2<\/li><li>Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1<\/li><li>Windows Server 2008 R2 for x64-based Systems Service Pack 1<\/li><\/ul>\n\n\n\n<p>This blog post focuses on the technical details of the vulnerability and its exploitation.&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2019\/07\/11\/buhtrap-zero-day-espionage-campaigns\/\" 
target=\"_blank\" rel=\"noreferrer noopener\">Another post<\/a>&nbsp;delves into the malware sample and its broader implications.<\/p>\n\n\n\n<p><strong>Exploitation<\/strong><\/p>\n\n\n\n<p>As with a number of other Microsoft Windows&nbsp;<code>win32k.sys<\/code>&nbsp;vulnerabilities disclosed in recent years, this exploit uses popup menu objects. For example, the Sednit group\u2019s local privilege escalation exploit that&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.welivesecurity.com\/2017\/05\/09\/sednit-adds-two-zero-day-exploits-using-trumps-attack-syria-decoy\/\" target=\"_blank\">we analyzed in&nbsp;2017<\/a>&nbsp;used menu objects and techniques very similar to the current exploit.<\/p>\n\n\n\n<p>This exploit creates two windows: one for the first stage and another one for the second stage of the exploitation. For the first window, it creates popup menu objects and appends menu items using the&nbsp;<code>CreatePopupMenu<\/code>&nbsp;and&nbsp;<code>AppendMenu<\/code>&nbsp;functions. In addition, the exploit sets up&nbsp;<code>WH_CALLWNDPROC<\/code>&nbsp;and&nbsp;<code>EVENT_SYSTEM_MENUPOPUPSTART<\/code>&nbsp;hooks.<\/p>\n\n\n\n<p>Then the exploit displays a menu using the&nbsp;<code>TrackPopupMenu<\/code>&nbsp;function. At this point the code hooked to&nbsp;<code>EVENT_SYSTEM_MENUPOPUPSTART<\/code>&nbsp;gets executed. This code attempts to open the first available item in the menu by sending a sequence of&nbsp;<code>MN_SELECTITEM<\/code>,&nbsp;<code>MN_SELECTFIRSTVALIDITEM<\/code>&nbsp;and&nbsp;<code>MN_OPENHIERARCHY<\/code> messages to the menu.<\/p>\n\n\n\n<p>The next step is very important for triggering this vulnerability. The exploit must catch the moment in time when the initial menu is already created, but the sub-menu is only about to be created. For that, the exploit has code that handles the&nbsp;<code>WM_NCCREATE<\/code>&nbsp;message in the&nbsp;<code>WH_CALLWNDPROC<\/code>&nbsp;hook. 
When the exploit code detects the system is in this state, it sends the&nbsp;<code>MN_CANCELMENUS<\/code>&nbsp;(0x1E6) message to the first menu, which cancels that menu. However, its sub-menu is still about to be created.<\/p>\n\n\n\n<p>Now if we check this sub-menu object in kernel mode, we would see that&nbsp;<code>tagPOPUPMENU-&gt;ppopupmenuRoot<\/code> equals 0. This state lets the attacker turn the kernel\u2019s use of that element of the structure into a NULL pointer dereference. The exploit allocates a new page at address 0x0 and this address will be treated as a&nbsp;<code>tagPOPUPMENU<\/code> object (see Figure 1) by the kernel.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a  href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/07\/01_tagPOPUPMENU_NULL_red-1.png\" data-rel=\"lightbox-gallery-0\" data-rl_title=\"\" data-rl_caption=\"\" data-magnific_type=\"gallery\" title=\"\"><img decoding=\"async\" src=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/07\/01_tagPOPUPMENU_NULL_red-1.png\" alt=\"\" class=\"wp-image-127583\"\/><\/a><\/figure>\n\n\n\n<p><em>Figure 1. The&nbsp;<\/em><code>tagPOPUPMENU<\/code>&nbsp;<em>kernel structure<\/em><\/p>\n\n\n\n<p>At this point, the attackers use the second window. The exploit\u2019s main goal is to flip the&nbsp;<code>bServerSideWindowProc<\/code>&nbsp;bit in the&nbsp;<code>tagWND<\/code>&nbsp;structure of the second window. This causes the execution of a&nbsp;<code>WndProc<\/code>&nbsp;procedure in kernel mode.<\/p>\n\n\n\n<p>To do that, the attackers leak the kernel memory address of the&nbsp;<code>tagWND<\/code>&nbsp;structure of the second window by calling the non-exported&nbsp;<code>HMValidateHandle<\/code>&nbsp;function in the&nbsp;<code>user32.dll<\/code>&nbsp;library. 
Then the exploit crafts a fake&nbsp;<code>tagPOPUPMENU<\/code>&nbsp;object at the NULL page and sends a&nbsp;<code>MN_BUTTONDOWN<\/code>&nbsp;message to a sub-menu.<\/p>\n\n\n\n<p>After that, the kernel will eventually execute the&nbsp;<code>win32k!xxxMNOpenHierarchy<\/code>&nbsp;function.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a  href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/07\/02_HMAssignmentLock-1.png\" data-rel=\"lightbox-gallery-0\" data-rl_title=\"\" data-rl_caption=\"\" data-magnific_type=\"gallery\" title=\"\"><img decoding=\"async\" src=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/07\/02_HMAssignmentLock-1.png\" alt=\"\" class=\"wp-image-127584\"\/><\/a><\/figure>\n\n\n\n<p><em>Figure 2. Disassembled code of the&nbsp;<\/em><code>win32k!xxxMNOpenHierarchy<\/code>&nbsp;function<\/p>\n\n\n\n<p>This function passes a crafted object at the NULL page to&nbsp;<code>win32k!HMAssignmentLock<\/code>. The&nbsp;<code>bServerSideWindowProc<\/code>&nbsp;bit is set inside the&nbsp;<code>win32k!HMDestroyUnlockedObject<\/code>&nbsp;function, which is located a few calls deeper inside&nbsp;<code>win32k!HMAssignmentLock<\/code>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a  href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/07\/03_HMDestroyUnlockedObject-1.png\" data-rel=\"lightbox-gallery-0\" data-rl_title=\"\" data-rl_caption=\"\" data-magnific_type=\"gallery\" title=\"\"><img decoding=\"async\" src=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2019\/07\/03_HMDestroyUnlockedObject-1.png\" alt=\"\" class=\"wp-image-127585\"\/><\/a><\/figure>\n\n\n\n<p><em>Figure 3. Disassembled code of the&nbsp;<\/em><code>win32k!HMDestroyUnlockedObject<\/code>&nbsp;function<\/p>\n\n\n\n<p>Everything is done! 
Now the exploit can send a specific message to the second window in order to execute&nbsp;<code>WndProc<\/code>&nbsp;in kernel mode.<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>The exploit only works against older versions of Windows, because since Windows 8 a user process is not allowed to map the NULL page. Microsoft back-ported this mitigation to Windows 7 for x64-based systems.<\/p>\n\n\n\n<p>People who still use Windows 7 for 32-bit systems Service Pack 1 should consider updating to newer operating systems, since extended support of Windows 7 Service Pack 1 ends on&nbsp;<a href=\"http:\/\/windows.microsoft.com\/en-us\/windows\/lifecycle\" target=\"_blank\" rel=\"noreferrer noopener\">January 14<sup>th<\/sup>, 2020<\/a>. This means that Windows 7 users won\u2019t receive critical security updates, so vulnerabilities like this one will stay unpatched forever.<\/p>\n\n\n\n<p><strong>Indicators of Compromise (IoCs)<\/strong><\/p>\n\n\n\n<table class=\"wp-block-table\"><thead><tr><th>SHA-1 hash<\/th><th>ESET detection name<\/th><\/tr><\/thead><tbody><tr><td>CBC93A9DD769DEE98FFE1F43A4F5CADAF568E321<\/td><td>Win32\/Exploit.CVE-2019-1132.A<\/td><\/tr><\/tbody><\/table>\n\n\n\n<p>Source: <a href=\"https:\/\/www.welivesecurity.com\/2019\/07\/10\/windows-zero-day-cve-2019-1132-exploit\/\">Welivesecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the&nbsp;win32k.sys&nbsp;component. 
Once the exploit was discovered and analyzed, it was reported to the Microsoft Security Response Center, who promptly<\/p>\n","protected":false},"author":5,"featured_media":3542,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[363],"tags":[],"class_list":["post-3541","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks - ESET Eesti Blogi<\/title>\n<meta name=\"description\" content=\"ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks\" \/>\n<meta property=\"og:description\" content=\"ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" 
content=\"2019-07-16T08:30:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-16T08:46:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Windows_0Day_Exploit.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted 
attacks\",\"datePublished\":\"2019-07-16T08:30:26+00:00\",\"dateModified\":\"2019-07-16T08:46:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/\"},\"wordCount\":744,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Windows_0Day_Exploit.jpg\",\"articleSection\":[\"vulnerability\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2019\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/\",\"name\":\"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks - ESET Eesti 
Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Windows_0Day_Exploit.jpg\",\"datePublished\":\"2019-07-16T08:30:26+00:00\",\"dateModified\":\"2019-07-16T08:46:47+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"description\":\"ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Windows_0Day_Exploit.jpg\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Windows_0Day_Exploit.jpg\",\"width\":1200,\"height\":675},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%
912019%e2%80%911132-exploited-in-targeted-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/16\\\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks - ESET Eesti Blogi","description":"ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks","og_description":"ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows","og_url":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2019-07-16T08:30:26+00:00","article_modified_time":"2019-07-16T08:46:47+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Windows_0Day_Exploit.jpg","type":"image\/jpeg"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks","datePublished":"2019-07-16T08:30:26+00:00","dateModified":"2019-07-16T08:46:47+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/"},"wordCount":744,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Windows_0Day_Exploit.jpg","articleSection":["vulnerability"],"inLanguage":"en-US","copyrightYear":"2019","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/","url":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/","name":"Windows zero\u2011day CVE\u20112019\u20111132 exploited in targeted attacks - ESET Eesti 
Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Windows_0Day_Exploit.jpg","datePublished":"2019-07-16T08:30:26+00:00","dateModified":"2019-07-16T08:46:47+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"description":"ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows","breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Windows_0Day_Exploit.jpg","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Windows_0Day_Exploit.jpg","width":1200,"height":675},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"Windows zero\u2011day CVE\u20112019\u20111132 
exploited in targeted attacks"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/16\/windows-zero%e2%80%91day-cve%e2%80%912019%e2%80%911132-exploited-in-targeted-attacks\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/3541","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=3541"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/3541\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/3542"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=3541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=3541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog
.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=3541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}