Windows 0-Days Used Against Dissidents in Israeli Broker's Spyware (Security News, July 2021)
A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said.
The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.
The attacks are carried out via "a chain of exploits that impacted popular browsers and our Windows operating system," Microsoft noted.
"This overflow results in an incorrect buffer size being calculated, which is then used to allocate a buffer in the kernel pool," according to Microsoft.
To mitigate the attacks, Microsoft said that it "built protections into our products against the unique malware Sourgum created," in addition to the patching.
"The protections we issued this week will prevent Sourgum's tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint."
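The quoted root cause, an overflow that yields an incorrect buffer size, is the classic unchecked size calculation. The following is an added illustration written for this page, not Microsoft's code or the actual bug: a constructed header-plus-records size computation in the unchecked form, where a large count wraps to a tiny size, beside a checked form that refuses the request. The names, constants and the 32-bit arithmetic are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed layout: a fixed header followed by count fixed-size records. */
#define HEADER_SIZE 16u
#define RECORD_SIZE 32u

/* Unchecked: count * RECORD_SIZE + HEADER_SIZE wraps in 32-bit arithmetic,
 * so a huge count produces a small size and an undersized allocation. */
uint32_t size_unchecked(uint32_t count)
{
    return count * RECORD_SIZE + HEADER_SIZE;
}

/* Checked: detect overflow at each step and refuse the request. */
bool size_checked(uint32_t count, uint32_t *out)
{
    uint32_t bytes;
    if (__builtin_mul_overflow(count, RECORD_SIZE, &bytes))
        return false;
    if (__builtin_add_overflow(bytes, HEADER_SIZE, &bytes))
        return false;
    *out = bytes;
    return true;
}

/* Allocate only when the size survives the checks; NULL otherwise. */
void *alloc_records(uint32_t count)
{
    uint32_t bytes;
    if (!size_checked(count, &bytes))
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t big = 0x08000001u;   /* constructed: 2^27 + 1 records */
    uint32_t ok_size = 0;
    printf("unchecked size for %u records: %u bytes\n", big, size_unchecked(big));
    printf("checked: %s\n", size_checked(big, &ok_size) ? "accepted" : "rejected");
    void *p = alloc_records(4);
    printf("sane request of 4 records: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```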
News URL
https://threatpost.com/windows-zero-days-israeli-spyware-dissidents/167865/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
|---|---|---|---|
| 2021-07-14 | CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability (Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft products) | 7.8 |
| 2021-07-14 | CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability (Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft products) | 7.8 |