13 October 2021

Microsoft fixes actively exploited Windows zero-day

Microsoft has released its monthly batch of security updates for Windows products and components, fixing over 70 vulnerabilities, including a Windows flaw actively exploited in the wild and three bugs that were publicly disclosed earlier, but are not known to be exploited in attacks.

The zero-day vulnerability, tracked as CVE-2021-40449, is a buffer overflow in the Win32k driver of the Microsoft Windows kernel. It allows a local user to execute arbitrary code with elevated privileges by running a specially crafted program.

The vulnerability was discovered by Kaspersky security researchers, who revealed that it was used by threat actors in “widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities” that installed the MysterySnail RAT on compromised Windows servers.

“Code similarity and re-use of C2 infrastructure we discovered allowed us to connect these attacks with the actor known as IronHusky and Chinese-speaking APT activity dating back to 2012,” the researchers said.

“We discovered that it was using a previously unknown vulnerability in the Win32k driver and exploitation relies heavily on a technique to leak the base addresses of kernel modules. We promptly reported these findings to Microsoft. The information disclosure portion of the exploit chain was identified as not bypassing a security boundary, and was therefore not fixed.”

As part of the October 2021 Patch Tuesday, Microsoft also addressed three previously disclosed vulnerabilities:

CVE-2021-40469 - Windows DNS Server Remote Code Execution Vulnerability

CVE-2021-41335 - Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-41338 - Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

Other notable high-risk bugs fixed with the release of the October 2021 Patch Tuesday include those in Microsoft Excel, Windows Media Audio Decoder, Office Visio, Word, Windows Media Foundation, Microsoft Edge, and other products.
