Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers. Microsoft reported a total of 74 vulnerabilities, three of which are rated critical.

MysterySnail Exploits Win32K Bug

Security researchers pointed to CVE-2021-40449, an elevation of privilege vulnerability in Win32k, as standing out from the crowd of patches, given that it’s been exploited in the wild as a zero-day.

This summer, Kaspersky researchers discovered that the exploit was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat (APT) campaign from the APT IronHusky. The exploit chain ended with a freshly discovered remote access trojan (RAT) dubbed MysterySnail being installed on compromised servers, with the goal of stealing data.

Bharat Jogi, Qualys senior manager of vulnerability and threat research, told Threatpost on Tuesday that if left unpatched, “MysterySnail has the potential to collect and exfiltrate system information from compromised hosts, in addition to other malicious users having the ability to gain complete control of the affected system and launch further attacks.”

Jay Goodman, Automox director of product marketing, told Threatpost via email that these kinds of privilege elevation attacks “can be used to access beyond what the current user…
Microsoft October 2021 Patch Tuesday Squashes 4 Zero-Day Bugs (govanguard, 2021-10-12 17:51:00)