Microsoft has commenced their monthly security updates on Tuesday wherein they have secured a total of 56 security vulnerabilities which also includes a major Windows Zero day that was being exploited on a large scale

Tracked as CVE-2021-1732, it is a privilege escalation bug, called the Windows zero day in the Win32k, which is a core component of the Windows OS.

The bug was abused after threat actors acquired passage to a Windows system in the interest of obtaining access at the system-level.

If certain Chinese reports are to be considered, the zero-day vulnerability was utilized by a sophisticated threat actor, known with a rather extended history of targetting multiple Chinese and Pakistani systems and organizations.

The report also stated that the particular zero day vulnerability was initially exploited in May 2020 and was primarily aiming at Windows10 1909 64-bits OS. 

However, succeeding tests were observed to discover that the bug also impacted the latest Windows 10 20H2 64-bits operating system. The attacker was apparently exploiting the zero-day bug “with precautions” for it going unnoticed for so long.

Vulnerabilities made public

Along with the major zero day security patch, the current monthly patch also is one to be taking notice of because of the sheer number of vulnerabilities whose details were posted way before the security patches were made obtainable.

Altogether, six Microsoft product vulnerabilities had their details revealed online before the availability of security patches. They were:

  • CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
  • CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
  • CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
  • CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
  • CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability

Even though these vulnerabilities were published online, no thereat actors had attempted exploiting them.

CAUTION AGAINST TCP/IP BUGS:

In addition to the product Zero day vulnerabilities, the Windows TCP/IP stack vulnerabilities have also received three fixes in this month’s release.

The fixes for CVE-2021-24074 and CVE-2021-24094 patch up the remote code execution bugs or vulnerabilities that would permit threat actors to gain remote control over Windows systems. While the third bug-CVE-2021-24086 could be further mal-utilized to collapse Windows devices.

Microsoft had published a blog post to specifically warn users of these three bugs. They stated that the two RCE vulnerabilities were pretty complicated and hence did not make them too susceptible to functional exploits in the short term.

“We believe that attackers may be able to create DoS exploits much more rapidly and expect all three issues might be exploited with a DoS attack briefly after release,” states Microsoft. “Thus, we recommend users promptly apply the Windows security updates of this month.”

Since many Microsoft Windows Server instances are utilized to host cloud infrastructure or web servers, these are the ones that are most prone to attacks out of all other Windows systems.

The last vulnerability in the list CVE-2021-24078 is a remote code execution bug in the Windows DNS server component. This bug can be abused to pirate domain-name resolution operations in professional environments and divert authentic traffic to malicious servers. The bug has a severity score of 9.8 and needs and needs a prompt patch response.