Another Windows Zero-Day Flaw Actively Exploited - Microsoft Patches 4 Bugs in Patch Tuesday
Table of Contents
- By Dawna M. Roberts
- Published: Oct 22, 2021
- Last Updated: Mar 18, 2022
Yesterday was Patch Tuesday for Microsoft, and the tech giant rolled out an update to eliminate 71 vulnerabilities in the Windows operating system. Unfortunately, four of them are major zero-day flaws that hackers are actively exploiting.
What is Going On?
On Tuesday, Microsoft released a security patch to fix more than 71 vulnerabilities in the Windows operating system; four of them are high-level zero-day flaws. Microsoft is urging all customers to update their systems immediately to prevent hackers from exploiting these issues.
According to The Hacker News, “Two of the addressed security flaws are rated Critical, 68 are rated Important, and one is rated Low in severity, with three of the issues listed as publicly known at the time of the release. The four zero-days are as follows;
- CVE-2021-40449 (CVSS score: 7.8) - Win32k Elevation of Privilege Vulnerability.
- CVE-2021-41335 (CVSS score: 7.8) - Windows Kernel Elevation of Privilege Vulnerability.
- CVE-2021-40469 (CVSS score: 7.2) - Windows DNS Server Remote Code Execution Vulnerability.
- CVE-2021-41338 (CVSS score: 5.5) - Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability.”
The most critical flaw is CVE-2021-40449, called a use-after-free issue with the Win32k kernel driver. Kaspersky threat researchers first discovered the flaw exploited by hackers in late August and early September. The ‘widespread espionage campaign targeting IT companies, defense contractors, and diplomatic entities. The Russian cybersecurity firm dubbed the threat cluster “MysterySnail.”’ Threat researchers witnessed this flaw being used in a Chinese-backed advanced persistent threat (APT) campaign by the group “IronHusky.”
Kaspersky told Threatpost “MysterySnail has the potential to collect and exfiltrate system information from compromised hosts, in addition to other malicious users having the ability to gain complete control of the affected system and launch further attacks.”
The firm’s researchers explain, “Code similarity and re-use of C2 [command-and-control] infrastructure we discovered allowed us to connect these attacks with the actor known as IronHusky and Chinese-speaking APT activity dating back to 2012.”
The attack eventually leads to the installation of a remote access trojan (RAT) capable of exfiltrating data and infecting host machines.
The concern is that these types of flaws may allow hackers to perform unauthorized actions on devices such as deleting files, moving or changing data, viewing private/sensitive information, and even installing malware.
What Else is Affected?
According to The Hacker News
“Other bugs of note include remote code execution vulnerabilities affecting Microsoft Exchange Server ( CVE-2021-26427 ), Windows Hyper-V ( CVE-2021-38672 and CVE-2021-40461 ), SharePoint Server ( CVE-2021-40487 and CVE-2021-41344 ), and Microsoft Word ( CVE-2021-40486 ) as well as an information disclosure flaw in Rich Text Edit Control ( CVE-2021-40454 ).”
Threat experts warn that any flaw in Microsoft Exchange Server is not to be taken lightly. Exchange Servers are high-value targets for hackers and often provide a pathway into the corporate network.
Once again, the Print Spooler component is on the list to be fixed. This year, Microsoft has rolled out dozens of other patches for this particular feature. Unfortunately, it appears to remain vulnerable to exploits.
Along with Microsoft, many other companies also released security updates yesterday, including.
- Adobe.
- Android.
- Apple.
- Cisco.
- Citrix.
- Intel.
- Linux distributions Oracle Linux , Red Hat , and SUSE
- SAP.
- Schneider Electric.
- Siemens.
- VMware.
Microsoft Users
Microsoft users should update their Windows machines immediately to patch each of these threats and protect against attacks. The Windows operating system can be configured to install updates automatically while you sleep, or you can choose to install updates manually.