Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

It's worth noting that Microsoft also patched CVE-2021-43883, a privilege-escalation vulnerability in Windows Installer, for which there's been an exploit circulating, and, reportedly, active targeting by attackers - even though Microsoft said it has seen no exploitation.
"After gaining the initial foothold, achieving administrator-level access can allow attackers to disable security tools and deploy additional malware or tools like Mimikatz," he said.
The bug can be exploited if an attacker sends a specially crafted request to an affected server, according to Microsoft's advisory.
Another 9.8-out-of-10-rated bug is CVE-2021-43907, an RCE issue in Visual Studio Code WSL Extension that Microsoft said can be exploited by an unauthenticated attacker, with no user interaction.
The third and final 9.8 CVSS-rated bug is CVE-2021-43899, which also allows RCE on an affected device if the attacker has a foothold on the same network as the Microsoft 4K Display Adapter.
"Although Microsoft has not disclosed exactly what user interaction is required for the attacker to succeed, they have confirmed that the Preview Pane is not an attacker vector. Given that this threat can impact resources beyond the security scope managed by the security authority, immediate remediation actions are advised."
News URL
https://threatpost.com/exploited-microsoft-zero-day-spoofing-malware/177045/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-43907 | Unspecified vulnerability in Microsoft Windows Subsystem for Linux 0.63.4/0.63.5 Visual Studio Code WSL Extension Remote Code Execution Vulnerability | 9.8 |
2021-12-15 | CVE-2021-43899 | Unspecified vulnerability in Microsoft Wireless Display Adapter Firmware 2.0.8350/2.0.8365/2.0.8372 Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | 9.8 |
2021-12-15 | CVE-2021-43883 | Unspecified vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.8 |