Microsoft DirectX Elevation of Privilege Vulnerability Found by Hillstone Networks

In the early morning of March 11, Beijing time, Microsoft released the last round of security updates before the Pwn2own World Hacking Contest, which fixed the DirectX Elevation of Privilege Vulnerability (CVE-2020-0690) reported by two security researchers at Hillstone Networks. Meanwhile, the latest security notification is published on the Microsoft website. The vulnerability affects all versions of the Windows 10 operating system.

Figure 1: Microsoft Acknowledgement to Hillstone Networks Security Team

Figure 2: Security Updates

Vulnerabilities are weapons in the cyber world. If used by hackers, they will bring huge security issues. In recent years, through the cooperation with security vendors and security researchers, Microsoft encourages white hats to submit vulnerabilities in Microsoft products to better protect user security. As one of the few members of Microsoft Active Protections Program (MAPP) from China, Hillstone has always been cooperating with Microsoft on security intelligence.

In the view of Hillstone security experts, users need to install patches as soon as possible to avoid exposure to security risks, in addition to the Microsoft’s improvement of its own security mitigation. Hillstone also reminds users not to open files or browse webpages of unknown origin.