Recently fixed Windows zero-day actively exploited since mid-2020
2021-02-20 15:31

Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday has been exploited in the wild since at least the summer of 2020, according to its telemetry data.

The actively exploited zero-day bug is tracked as 'CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability'.

CVE-2021-1732 can be exploited by attackers with basic user privileges in low complexity attacks that don't require user interaction.

According to their report, the zero-day was being actively used in targeted attacks by an advanced persistent threat group tracked as Bitter and T-APT-17.

Bitter is known for information theft and espionage campaigns targeting China, Pakistan, and Saudi Arabia since at least 2013 [1, 2, 3, 4]. As they observed, the threat actor was using a CVE-2021-1732 exploit specifically targeting Windows 10 1909 systems, even though the zero-day impacts multiple Windows 10 and Windows Server versions, up to the latest releases.

Before being fixed by Redmond, this zero-day was also actively used by threat actors in targeted attacks.


News URL

https://www.bleepingcomputer.com/news/security/recently-fixed-windows-zero-day-actively-exploited-since-mid-2020/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-25 | CVE-2021-1732 | Out-of-bounds Write vulnerability in Microsoft products: Windows Win32k Elevation of Privilege Vulnerability (local, low complexity, microsoft, CWE-787) | 7.8 |