Last Tuesday, Microsoft released its monthly security updates, known in the IT industry as Patch Tuesday. The release fixes 50 vulnerabilities, including six Windows zero-day flaws that are being actively exploited in the wild. That is the largest number of actively exploited zero-days Microsoft has addressed in a single release in the history of its security updates.
The technical details of zero-day flaws are usually withheld, mainly to give organizations and defenders time to apply the patches before other threat actors learn of the vulnerability and start exploiting it.
However, Google, which reported the ongoing attacks to Microsoft, has shared a few details about one of the exploits.
CVE-2021-33742: a commercially developed exploit. Of the six zero-days, CVE-2021-33742 is the most notable. It is a remote code execution (RCE) vulnerability in MSHTML, the rendering engine of Internet Explorer, which is also embedded in other Windows applications, so the bug matters even on systems where nobody opens the browser itself.
Shane Huntley, head of Google's Threat Analysis Group, said on Twitter that his team had found the vulnerability being actively abused by threat actors, and that their findings indicated the exploit was developed by a professional exploit broker.
Huntley's team did not share technical details of the exploit but intends to publish them after 30 days. He did say that a nation-state actor used the exploit in several targeted attacks against victims in Europe and the Middle East.
CVE-2021-31955 and CVE-2021-31956 are two bugs affecting recent versions of Windows 10 that were used as part of a more complex exploit chain delivered over the web through the Chrome browser.
In a report published alongside the patch release, the researchers who found the chain said they were unable to recover the remote code execution exploit used against Chrome, but they did recover the elevation-of-privilege exploit that used these two bugs to obtain SYSTEM privileges.
The two Windows zero-days target two different vulnerabilities in the Windows kernel: CVE-2021-31955 is an information disclosure bug in the kernel itself, and CVE-2021-31956 is a heap overflow in the NTFS driver. They caught the researchers' interest because the exploit was built to work against the most recent builds of Windows 10, which suggests the threat actor is deliberately targeting modern, up-to-date systems rather than unpatched legacy hosts.
With CVE-2021-31199 and CVE-2021-31201, Microsoft patched two zero-days tied to an Adobe Reader vulnerability that Adobe fixed last month. Both are elevation-of-privilege flaws in the Microsoft Enhanced Cryptographic Provider, Microsoft's cryptographic library, and they also affect older OS versions such as Windows 7 and the corresponding older Windows Server releases.
Neither Microsoft nor Adobe revealed in their patch notes any information regarding the attacks.
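The one actionable step for defenders is to confirm that the June 2021 update actually landed on their Windows 10 hosts. The PowerShell script below is an added example written for this page, not a tool from Microsoft, Google or the researchers mentioned above. It reads the OS build and update build revision (UBR) from the registry and compares them with the build level of the 8 June 2021 cumulative update for Windows 10 2004/20H2/21H1. The KB identifier and the revision numbers in the table are assumptions taken from Microsoft's release notes as remembered here; verify them against the Microsoft Update Catalog before using the script in an audit, and add rows for any other Windows versions in your estate.

```powershell
# Added example (not from the article): check whether this Windows 10 host has
# reached the June 2021 cumulative update level that carries the fixes for
# CVE-2021-33742, CVE-2021-31955, CVE-2021-31956, CVE-2021-31199 and
# CVE-2021-31201.
#
# ASSUMPTION: the KB id and UBR values below are quoted from memory of the
# 2021-06-08 release notes (KB5003637, OS builds 19041.1052 / 19042.1052 /
# 19043.1052). Confirm them against the Microsoft Update Catalog.
$JunePatchLevel = @{
    # CurrentBuild -> minimum UBR and the KB that introduced it
    '19041' = @{ Ubr = 1052; Kb = 'KB5003637' }   # Windows 10 2004
    '19042' = @{ Ubr = 1052; Kb = 'KB5003637' }   # Windows 10 20H2
    '19043' = @{ Ubr = 1052; Kb = 'KB5003637' }   # Windows 10 21H1
}

function Test-JunePatchLevel {
    param([hashtable]$Table = $JunePatchLevel)

    # CurrentBuild and UBR together form the "OS Build" shown in winver.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR

    if (-not $Table.ContainsKey($build)) {
        return [pscustomobject]@{
            Build   = "$build.$ubr"
            Patched = $null
            Note    = 'Build not in table; check the release notes for this version manually'
        }
    }

    $expected = $Table[$build]

    # Two independent signals. The UBR is the reliable one: every later
    # cumulative update raises it and supersedes the June package, so a fully
    # patched host may no longer list KB5003637 in Get-HotFix at all.
    $hotfix = Get-HotFix -Id $expected.Kb -ErrorAction SilentlyContinue

    $ubrOk = $ubr -ge $expected.Ubr
    $note  = if ($ubrOk) {
        "UBR $ubr >= $($expected.Ubr): June 2021 update or later is installed"
    } elseif ($null -ne $hotfix) {
        "$($expected.Kb) listed by Get-HotFix but UBR $ubr < $($expected.Ubr); reboot may be pending"
    } else {
        "$($expected.Kb) not installed; UBR $ubr < $($expected.Ubr)"
    }

    [pscustomobject]@{
        Build   = "$build.$ubr"
        Patched = $ubrOk -or ($null -ne $hotfix)
        Note    = $note
    }
}

Test-JunePatchLevel | Format-List
```

Run it in an elevated or standard PowerShell session on the host to be checked; it needs no parameters. The UBR comparison is the primary test for the reason given in the comments: once July's cumulative update is installed, `Get-HotFix` will no longer report the June package, so a script that only looks for KB5003637 would wrongly flag a fully patched machine as missing the fix.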