PT-2019-4538 · Microsoft · Windows

Published 2019-10-12 · Updated 2025-04-08 · CVE-2019-1458

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)

Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. This vulnerability was exploited by the APT group Antlion in a cyber-espionage campaign against financial and manufacturing companies in Taiwan from 2020 to 2021. The group used a custom backdoor called xPack, a .NET loader that extracts and executes AES-encrypted payloads, to remain undetected and retain extensive access to the victims' networks for up to 18 months. The vulnerability was used to elevate privileges on the system and launch the xPack backdoor, which allowed the attackers to remotely execute WMI commands, use EternalBlue exploits, and connect to shared resources via SMB to transfer data to their command-and-control server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management


Weakness Enumeration

Related Identifiers

BDU:2020-00578
CVE-2019-1458

Affected Products

Windows