Microsoft has released its monthly batch of security updates that address a total of 56 vulnerabilities affecting its various products. It’s important to note that Microsoft's February 2021 Patch Tuesday also contains fixes for one zero-day flaw and a number of previously disclosed issues.
Tracked as CVE-2021-1732, the zero-day flaw is an elevation of privilege bug in Win32k, a component of the Windows operating system. The vulnerability exists due to a boundary error in the Win32k.sys driver in the Windows kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
In its security advisory, Microsoft did not share details about the attacks in which CVE-2021-1732 was exploited or who was behind them, but Chinese security firm DBAPPSecurity revealed that the zero-day was used in campaigns orchestrated by an advanced threat actor known as Bitter, which focuses on targeting Pakistani and Chinese organizations and users.
The Chinese firm said that so far it has detected a small number of attacks targeting victims in China. According to the researchers, the zero-day exploit they initially detected was compiled in May 2020 and was designed to target the 64-bit Windows 10 1909 operating system. DBAPPSecurity said that the original exploit targets several Windows 10 versions, from Windows 10 1709 to Windows 10 1909, and could be exploited on Windows 10 20H2 with minor modifications.
In addition to CVE-2021-1732, Microsoft fixed numerous publicly disclosed vulnerabilities, including a Windows Installer Elevation of Privilege Vulnerability (CVE-2021-1727) and a Sysinternals PsExec Elevation of Privilege Vulnerability (CVE-2021-1733). None of these bugs were observed being exploited in the wild.
Microsoft's February 2021 Patch Tuesday also addresses multiple high-risk flaws impacting Microsoft Windows DNS Server, Microsoft Excel, Windows TCP/IP, Microsoft Package Managers Configurations and other products.