CVE-2021-28310 Under Active Exploitation
CVE-2021-28310, the vulnerability under attack, is a Win32k elevation of privilege bug currently exploited by the BITTER APT cybercriminal group. “Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072,” says MITRE’s technical description.
Kaspersky’s Secure List team provided their own analysis of the vulnerability:
We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access. Unfortunately, we weren’t able to capture a full chain, so we don’t know if the exploit is used with another browser zero-day, or coupled with known, patched vulnerabilities, the team said.
The exploit was initially identified by Secure List’s advanced exploit prevention technology and related detection records. “CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API,” the team explained.
Four Vulnerabilities Fixed in the Exchange Server
Listed as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483, the vulnerabilities impact Microsoft Exchange server versions released between 2013 and 2019. All the flaws are likely to be exploited. CVE-2021-28480 and CVE-2021-28481 are described as “pre-authentication,” meaning that an attacker doesn’t need to authenticate to the server to exploit the bug.
“With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately,” said Satnam Narang, staff research engineer with Tenable in a conversation with Threatpost.
It is noteworthy that two of the flaws reported by the NSA were also discovered by Microsoft’s own research team.
Four Vulnerabilities Fixed in Microsoft Office
Four other troublesome vulnerabilities were patched in Microsoft Office, all of which remote code execution bugs. Affected are Microsoft Word (CVE-2021-28453), Microsoft Excel (CVE-2021-28454, CVE-2021-28451), and CVE-2021-28449 in Microsoft Office. All four flaws are important, affecting all versions of Office, so patches should be applied immediately.
Alongside Microsoft’s Patch Tuesday, users should also acknowledge Adobe’s April update, containing fixes for four critical vulnerabilities in Adobe Bridge, and several other flaws in Adobe Digital Editions, Photoshop and RoboHelp.