Microsoft CVE-2021-28310 Bug Actively Exploited in the Wild

This month’s Patch Tuesday fixes 110 security vulnerabilities, 19 of which are classified as critical, 88 important, and one under active exploitation. Five of the vulnerabilities are zero-days.

CVE-2021-28310 Under Active Exploitation

CVE-2021-28310, the vulnerability under attack, is a Win32k elevation of privilege bug currently exploited by the BITTER APT cybercriminal group. “Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-27072,” says MITRE’s technical description.




Kaspersky’s Secure List team provided their own analysis of the vulnerability:

“We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access. Unfortunately, we weren’t able to capture a full chain, so we don’t know if the exploit is used with another browser zero-day, or coupled with known, patched vulnerabilities,” the team said.

The exploit was initially identified by Secure List’s advanced exploit prevention technology and related detection records. “CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API,” the team explained.

Four Vulnerabilities Fixed in the Exchange Server

Listed as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483, the vulnerabilities impact Microsoft Exchange server versions released between 2013 and 2019. All the flaws are likely to be exploited. CVE-2021-28480 and CVE-2021-28481 are described as “pre-authentication,” meaning that an attacker doesn’t need to authenticate to the server to exploit the bug.

“With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately,” said Satnam Narang, staff research engineer with Tenable in a conversation with Threatpost.

It is noteworthy that two of the flaws reported by the NSA were also discovered by Microsoft’s own research team.

Four Vulnerabilities Fixed in Microsoft Office

Four other troublesome vulnerabilities were patched in Microsoft Office, all of which are remote code execution bugs. Affected are Microsoft Word (CVE-2021-28453), Microsoft Excel (CVE-2021-28454, CVE-2021-28451), and Microsoft Office (CVE-2021-28449). All four flaws are rated important and affect all versions of Office, so patches should be applied immediately.

Alongside Microsoft’s Patch Tuesday, users should also take note of Adobe’s April update, which contains fixes for four critical vulnerabilities in Adobe Bridge and several other flaws in Adobe Digital Editions, Photoshop and RoboHelp.

Milena Dimitrova
