Microsoft has rolled out a new series of updates for Windows. These updates consist mainly of patches for security problems. One of the patched vulnerabilities has already been exploited.
The bug in question is CVE-2021-1732, a flaw in Win32k that allowed elevation of privilege. ZDNet writes that attackers could use the bug to gain access to computers at SYSTEM level. According to Chinese security firm DBAPPSecurity, the zero-day was used to attack targets in Pakistan and China.
DBAPPSecurity says the first signs of an exploit for the zero-day date back to May 2020, targeting version 1909 of Windows 10. Later versions of the operating system, such as 20H2, were also found to be vulnerable. The security company was clearly impressed by the exploit and says that by carefully using it, the attacker was able to avoid detection for 7 months. The company called the exploit high quality and sophisticated.
Other problems fixed in the update include six vulnerabilities in Windows that were not actively exploited.
Microsoft releases a series of updates on the second Tuesday of every month to close security holes. This update round is also known as “Patch Tuesday”. In January, Microsoft used this update round to close a zero-day in Microsoft Defender. Attackers could use the vulnerability to gain access to the rest of the system.