Kaspersky reports highly targeted attacks using Microsoft Windows and Chrome zero-days - Technology News, Firstpost

Earlier this year, Kaspersky experts uncovered several highly targeted attacks against multiple companies using a previously unknown Microsoft Windows and Google Chrome zero-day exploit chain. The two vulnerabilities exploited in the Microsoft Windows operating system core were the CVE-2021-31956 elevation of privilege vulnerability and the CVE-2021-31955 information disclosure vulnerability, while Google Chrome was used for remote code execution in one of the exploits.

Patch Tuesday is a general term used when Microsoft, Adobe, Oracle, and others regularly release software patches (updates) for their software products.

Yesterday, June 21, as part of Patch Tuesday, Microsoft finally patched the two vulnerabilities.

Although Kaspersky researchers were unable to retrieve the code for the remote code execution exploit, they suggested that the attackers may have used the CVE-2021-21224 vulnerability, which is related to a Type Mismatch bug in V8.

They also discovered and analyzed the second exploit, which targeted two vulnerabilities in the Microsoft Windows operating system kernel. The first, CVE-2021-31955, is an information disclosure vulnerability that causes sensitive kernel information to be leaked. The second, CVE-2021-31956, is an elevation of privilege vulnerability that allows attackers to exploit the kernel and gain elevated access to the computer.

Kaspersky experts recommend various ways to protect your organization against attacks exploiting the aforementioned vulnerabilities. Update your Chrome browser and Microsoft Windows regularly. Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business, which relies on exploit prevention, behavior detection, and a remediation engine that can roll back malicious actions. Also install anti-APT and EDR solutions, enabling capabilities for threat discovery and detection, investigation and rapid incident resolution. Upskill your SOC team with professional training and give them access to the latest threat intelligence.

“Now that these vulnerabilities have been made public, it is possible that we will see an increase in their use in attacks by this actor and other threat actors. This means that it is very important for users to download the latest patch from Microsoft as soon as possible,” comments Boris Larin, Senior Security Researcher with the Global Research and Analysis Team (GReAT).
