Microsoft patches zero-day exploit found in Desktop Window Manager

By Staff Writer, ITWeb
Johannesburg, 14 Apr 2021

Researchers at Kaspersky have discovered a zero-day exploit in Microsoft's Desktop Window Manager while analysing the already reported CVE-2021-1732 exploit used by the BITTER APT group.

The vulnerability, tracked as CVE-2021-28310, was reported to Microsoft in February, and a patch was released on 13 April.

The researchers are currently unable to link this exploit to any known attacker.

A zero-day vulnerability is a software bug unknown to the vendor and therefore unpatched; once attackers discover it, they can exploit it in the shadows, with unexpected and destructive consequences.

According to the experts, this exploit is used in the wild, potentially by several threat actors. It is an escalation-of-privilege exploit that lets attackers execute arbitrary code on a target's computer.

They say it is probable that the exploit is used in conjunction with browser exploits to escape sandboxes or to obtain system privileges for further access.

The initial investigation has not yet revealed the full infection chain, so it is yet to be seen whether the exploit is used with another zero-day or coupled with known, patched vulnerabilities.

Boris Larin, a security expert at Kaspersky, says the exploit was initially identified by Kaspersky’s advanced exploit prevention technology and related detection records.

“In fact, over the past few years, we have built a multitude of exploit protection technologies into our products that have detected several zero-days, proving their effectiveness time and time again.”

He added that Kaspersky will continue to improve its defences by enhancing its technologies and working with third-party vendors to patch vulnerabilities, making the Internet more secure for everyone.

To protect against this threat, Kaspersky recommends installing patches for the new vulnerability as soon as possible, deploying an endpoint protection solution that employs vulnerability and patch management capabilities, and providing the SOC team with access to the latest threat intelligence.
