Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
2021-12-14 22:21

It's worth noting that Microsoft also patched CVE-2021-43883, a privilege-escalation vulnerability in Windows Installer, for which there's been an exploit circulating, and, reportedly, active targeting by attackers - even though Microsoft said it has seen no exploitation.

"After gaining the initial foothold, achieving administrator-level access can allow attackers to disable security tools and deploy additional malware or tools like Mimikatz," he said.

The bug can be exploited if an attacker sends a specially crafted request to an affected server, according to Microsoft's advisory.

Another 9.8-out-of-10-rated bug is CVE-2021-43907, an RCE issue in Visual Studio Code WSL Extension that Microsoft said can be exploited by an unauthenticated attacker, with no user interaction.

The third and final 9.8 CVSS-rated bug is CVE-2021-43899, which also allows RCE on an affected device, if the attacker has a foothold on the same network as the Microsoft 4K Display Adapter.

"Although Microsoft has not disclosed exactly what user interaction is required for the attacker to succeed, they have confirmed that the Preview Pane is not an attacker vector. Given that this threat can impact resources beyond the security scope managed by the security authority, immediate remediation actions are advised."


News URL

https://threatpost.com/exploited-microsoft-zero-day-spoofing-malware/177045/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-12-15 | CVE-2021-43907 | Visual Studio Code WSL Extension Remote Code Execution Vulnerability (Unspecified vulnerability in Microsoft Windows Subsystem for Linux 0.63.4/0.63.5) | network, low complexity, microsoft, critical, 9.8
2021-12-15 | CVE-2021-43899 | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability (Unspecified vulnerability in Microsoft Wireless Display Adapter Firmware 2.0.8350/2.0.8365/2.0.8372) | network, low complexity, microsoft, critical, 9.8
2021-12-15 | CVE-2021-43883 | Windows Installer Elevation of Privilege Vulnerability (Unspecified vulnerability in Microsoft products) | local, low complexity, microsoft, 7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 49 1366 2822 162 4399