Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers. Microsoft reported a total of 74 vulnerabilities, three of which are rated critical.

MysterySnail Exploits Win32K Bug

Security researchers pointed to CVE-2021-40449, an elevation of privilege vulnerability in Win32k, as standing out from the crowd of patches, given that it’s been exploited in the wild as a zero-day.

This summer, Kaspersky researchers discovered that the exploit was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat (APT) campaign from the APT IronHusky. The exploit chain ended with a freshly discovered remote access trojan (RAT) dubbed MysterySnail being installed on compromised servers, with the goal of stealing data.

Bharat Jogi, Qualys senior manager of vulnerability and threat research, told Threatpost on Tuesday that if left unpatched, “MysterySnail has the potential to collect and exfiltrate system information from compromised hosts, in addition to other malicious users having the ability to gain complete control of the affected system and launch further attacks.”

Jay Goodman, Automox director of product marketing, told Threatpost via email that these kinds of privilege elevation attacks “can be used to access beyond what the current user…
