Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack

The Hacker News (thehackernews.com), Oct 13, 2021 - 5:49 a.m.

CVSS3: 9.6 High
  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.2 High
  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C


Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems.

Two of the addressed security flaws are rated Critical, 68 are rated Important, and one is rated Low in severity, with three of the issues listed as publicly known at the time of the release. The four zero-days are as follows:

  • CVE-2021-40449 (CVSS score: 7.8) - Win32k Elevation of Privilege Vulnerability
  • CVE-2021-41335 (CVSS score: 7.8) - Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2021-40469 (CVSS score: 7.2) - Windows DNS Server Remote Code Execution Vulnerability
  • CVE-2021-41338 (CVSS score: 5.5) - Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

At the top of the list is CVE-2021-40449, a use-after-free vulnerability in the Win32k kernel driver discovered by Kaspersky as being exploited in the wild in late August and early September 2021 as part of a widespread espionage campaign targeting IT companies, defense contractors, and diplomatic entities. The Russian cybersecurity firm dubbed the threat cluster "MysterySnail."

"Code similarity and re-use of C2 [command-and-control] infrastructure we discovered allowed us to connect these attacks with the actor known as IronHusky and Chinese-speaking APT activity dating back to 2012," Kaspersky researchers Boris Larin and Costin Raiu said in a technical write-up, with the infection chains leading to the deployment of a remote access trojan capable of collecting and exfiltrating system information from compromised hosts before reaching out to its C2 server for further instructions.

Other bugs of note include remote code execution vulnerabilities affecting Microsoft Exchange Server (CVE-2021-26427), Windows Hyper-V (CVE-2021-38672 and CVE-2021-40461), SharePoint Server (CVE-2021-40487 and CVE-2021-41344), and Microsoft Word (CVE-2021-40486) as well as an information disclosure flaw in Rich Text Edit Control (CVE-2021-40454).

CVE-2021-26427, which has a CVSS score of 9.0, was identified by the U.S. National Security Agency. It once again underscores that "Exchange servers are high-value targets for hackers looking to penetrate business networks," said Bharat Jogi, senior manager of vulnerability and threat research at Qualys.

The October Patch Tuesday release is rounded out by fixes for two newly discovered shortcomings in the Print Spooler component, CVE-2021-41332 and CVE-2021-36970: an information disclosure bug and a spoofing vulnerability, respectively. The spoofing vulnerability has been tagged with an "Exploitation More Likely" exploitability index assessment.

"A spoofing vulnerability usually indicates that an attacker can impersonate or identify as another user," security researcher ollypwn noted in a Twitter thread. "In this case, it looks like an attacker can abuse the Spooler service to upload arbitrary files to other servers."

Software Patches From Other Vendors

In addition to Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including:
