New zero-day vulnerabilities for Windows have been discovered, and Microsoft has rolled out security patches to fix 71 vulnerabilities in Microsoft Windows and other software. You need to update your Windows PC immediately to the latest patches, as they include fixes for an actively exploited privilege escalation vulnerability. This can be exploited in conjunction with remote code execution bugs to take control of vulnerable systems.
Of the 71 vulnerabilities discovered, two are rated Critical, 68 are rated Important, and one is rated Low in severity. Besides the actively exploited flaw, three other issues are listed as publicly known at the time of the release.
The four zero-days are as follows:
- CVE-2021-40449 (CVSS score: 7.8) – Win32k Elevation of Privilege Vulnerability
- CVE-2021-41335 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-40469 (CVSS score: 7.2) – Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-41338 (CVSS score: 5.5) – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
At the top of the list is CVE-2021-40449, a use-after-free vulnerability in the Win32k kernel driver that was discovered by Kaspersky. It has been exploited in the wild since August and early September 2021 as part of a widespread espionage campaign targeting IT companies, defense contractors, and diplomatic entities. The Russian cybersecurity company has dubbed the threat cluster “MysterySnail”.
Kaspersky researchers Boris Larin and Costin Raiu said in a technical write-up, “Code similarity and re-use of C2 [command-and-control] infrastructure we discovered allowed us to connect these attacks with the actor known as IronHusky and Chinese-speaking APT activity dating back to 2012.” The infection chains deploy remote access trojans capable of collecting and exfiltrating system information from compromised hosts before reaching out to their C2 server for further instructions.
Other Remote Code Execution Vulnerabilities
- Affecting Microsoft Exchange Server – CVE-21-2642702
- Affecting Windows Hyper-V – CVE-2021-38672 and CVE-2021-40461
- Affecting SharePoint Server – CVE-2021-40487 and CVE-2021-41344
- Affecting Microsoft Word – CVE-2021-40486
- An information disclosure flaw in Rich Text Edit Control – CVE-2021-40454
The latest patch fixed two shortcomings newly discovered in the Print Spooler component — CVE-2021-41332 and CVE-2021-36970. According to security researcher Ollypwn, “In this case, it looks like an attacker can abuse the Spooler service to upload arbitrary files to other servers.”
Other Software Patches
Other vendors have also released software patches to address several vulnerabilities, including:
- Oracle Linux
- Red Hat
- Schneider Electric