Many bug details went publicīesides the zero-day, this month's Patch Tuesday also stands out because of the high number of vulnerabilities whose details were made public even before patches were available. Of note was that in its report, the Chinese security firm described the zero-day as "high-quality" and "sophisticated," and said that the attacker used it "with caution," going undetected for almost seven months. The bug was exploited after attackers gained access to a Windows system in order to obtain SYSTEM-level access.Īccording to a report from Chinese security firm DBAPPSecurity, the zero-day was employed by an advanced threat actor known as Bitter, with a long history of attacks targeting Pakistani and Chinese organizations and users.ĭBAPPSecurity said the zero-day exploit they initially detected was compiled in May 2020 and was designed to target Windows10 1909 64-bits operating system, but that subsequent tests revealed that the bug also impacted the latest Windows10 20H2 64-bitsOS as well. Tracked as CVE-2021-1732, the Windows zero-day is an elevation of privelege bug in Win32k, a core component of the Windows operating system. This month, the OS maker has fixed 56 security vulnerabilities, including a Windows bug that was being exploited in the wild before today's patches. Microsoft has released today its monthly batch of security updates, known as Patch Tuesday. 41 impressive questions to ask in a job interview
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |