Hackers are exploiting unpatched security vulnerabilities in the Microsoft Windows operating system to break into organizations' systems, raising concerns about a new wave of cyber attacks now that exploit code is publicly available on the internet.
According to the US cybersecurity company Huntress, its researchers have detected at least one organization being compromised through three vulnerabilities named BlueHammer, UnDefend and RedSun.
Notably, these vulnerabilities were disclosed together with exploit code only within the past two weeks, allowing hackers to put them to use almost immediately.
Of the three, only BlueHammer has been patched by Microsoft, earlier this week. The other two have not been fully fixed, increasing the risk to users and businesses.
Experts believe that the public release of the exploit code has significantly shortened the time between a vulnerability's discovery and its exploitation in the wild.
The exploit code is believed to originate from a security researcher using the handle Chaotic Eclipse.
Earlier this month, this person posted a video on their personal blog demonstrating the exploitation of an unpatched vulnerability, alluding to a dispute with Microsoft. They then published two further vulnerabilities, together with exploit code, on GitHub.
All three vulnerabilities relate to Windows Defender, the security software built into Windows.
If exploited, they can give hackers elevated access, up to administrator rights, on the affected system. This allows them to take control of devices, steal data or carry out deeper attacks.
A Microsoft representative said that the company supports coordinated vulnerability disclosure, a process in which researchers report the flaw to the vendor before making it public.
This approach helps ensure that the vulnerability is handled promptly, limiting the risk to users. In this case, however, the coordination process does not appear to have gone smoothly.
In the cybersecurity industry, publishing vulnerabilities together with exploit code is often called "full disclosure".
While it can help the community recognize the seriousness of a problem, this approach also hands cybercriminals ready-made tools to attack with quickly.
According to John Hammond, a researcher at Huntress, the easy availability of exploit tools is pushing security experts into a race against hackers.
When attack code is made public, organizations are forced to update their systems urgently and deploy defensive measures to minimize damage.
This incident highlights the dangerous gap between the pace of technological development and the ability to protect systems.
With vulnerabilities now exploitable almost immediately after they are leaked, software updates and stronger network security are no longer optional but have become mandatory for all organizations.