![]() ![]() Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API. Contact: Technical detailsĬVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). More information about BITTER APT and IOCs are available to customers of the Kaspersky Intelligence Reporting service. In this blog we provide a technical analysis of the vulnerability and how the bad guys exploited it. We will continue to improve defenses for our users by enhancing technologies and working with third-party vendors to patch vulnerabilities, making the internet more secure for everyone. ![]() In fact, over the past few years, we have built a multitude of exploit protection technologies into our products that have detected several zero-days, proving their effectiveness time and again. The exploit was initially identified by our advanced exploit prevention technology and related detection records. Unfortunately, we weren't able to capture a full chain, so we don't know if the exploit is used with another browser zero-day, or coupled with known, patched vulnerabilities. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access. We believe this exploit is used in the wild, potentially by several threat actors. Microsoft released a patch to this vulnerability as a part of its April security updates. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310. While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |