Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

It's worth noting that Microsoft also patched CVE-2021-43883, a privilege-escalation vulnerability in Windows Installer, for which there's been an exploit circulating, and, reportedly, active targeting by attackers - even though Microsoft said it has seen no exploitation.
"After gaining the initial foothold, achieving administrator-level access can allow attackers to disable security tools and deploy additional malware or tools like Mimikatz," he said.
The bug can be exploited if an attacker sends a specially crafted request to an affected server, according to Microsoft's advisory.
Another 9.8-out-of-10-rated bug is CVE-2021-43907, an RCE issue in Visual Studio Code WSL Extension that Microsoft said can be exploited by an unauthenticated attacker, with no user interaction.
The third and final 9.8 CVSS-rated bug is CVE-2021-43899, which also allows RCE on an affected device if the attacker has a foothold on the same network as the Microsoft 4K Display Adapter.
"Although Microsoft has not disclosed exactly what user interaction is required for the attacker to succeed they have confirmed that the Preview Pane is not an attacker vector. Given that this threat can impact resources beyond the security scope managed by the security authority immediate remediation actions are advised."
News URL
https://threatpost.com/exploited-microsoft-zero-day-spoofing-malware/177045/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-43907 | Unspecified vulnerability in Microsoft Windows Subsystem for Linux 0.63.4/0.63.5 Visual Studio Code WSL Extension Remote Code Execution Vulnerability | 9.8 |
2021-12-15 | CVE-2021-43899 | Unspecified vulnerability in Microsoft Wireless Display Adapter Firmware 2.0.8350/2.0.8365/2.0.8372 Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | 9.8 |
2021-12-15 | CVE-2021-43883 | Unspecified vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.8 |