One of the zero-day bugs is being actively exploited. Cybersecurity company Kaspersky has traced the malware to several espionage campaigns against IT businesses, military contractors, and diplomatic entities. Microsoft released the patches on Tuesday, October 12, as part of the company’s “Patch Tuesday.” This is a monthly occurrence where the company releases a series of security patches for its various services, and it typically happens on the second Tuesday of the month.
Patch Fixes a Widely Exploited Zero-Day Bug
The patch addresses CVE-2021-40449, a zero-day that was already being exploited in the wild. Researchers at Kaspersky had earlier warned Microsoft of the exploit. They found that it affects the Win32k kernel driver, and linked its accompanying malware payload to “widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities.” Kaspersky named the cluster of activity MysterySnail. It said the attacks were connected to “IronHusky and Chinese-speaking APT activity dating back to 2012.” Experts stressed the need to immediately address the MysterySnail RAT (Remote Access Trojan). Bharat Jogi of IT security provider Qualys told Threatpost that “MysterySnail has the potential to collect and exfiltrate system information from compromised hosts, in addition to other malicious users having the ability to gain complete control of the affected system and launch further attacks.”
List of Additional Critical Vulnerabilities Addressed
The patch fixed three other zero-day vulnerabilities. These are:
CVE-2021-41338 (CVSS 5.5): a Windows AppContainer Firewall bug that allowed malicious actors to work around established security features.
CVE-2021-40469 (CVSS 7.2): a Remote Code Execution (RCE) vulnerability in Windows DNS Server.
CVE-2021-41335 (CVSS 7.8): an elevation of privilege vulnerability in the Windows Kernel, which grants higher access to users who have not been granted the requisite privilege by their organization.
Microsoft also released patches for three other critical exploits, which could lead to remote code execution. One of these bugs affects Microsoft Word, while the others target Hyper-V.
Microsoft’s Recent History with High Profile Cyber Attacks
In recent months, Microsoft’s enviable arsenal of widely popular products has faced an onslaught of cyberattacks. Some of the recent high-profile incidents are listed below:
The Microsoft Exchange Server attack from earlier this year affected a wide range of global enterprises. In fact, many cybercriminals still benefit from the incident. It was later found that Chinese state-backed attackers were behind the hack. The US, UK, and EU issued statements condemning the Chinese government’s role in the event.
In September, it was reported that Microsoft Office faced a high-risk software exploit, which could completely compromise a vulnerable system.
Microsoft’s Visual Studio was threatened by a code-injection vulnerability.
In August, the company’s cloud computing service Azure warned users of exposed databases.