Early 2021, Kaspersky’s researchers, upon further analysis into the already reported CVE-2021-1732 exploit used by the Bitter APT group, have managed to discover another zero-day exploit. They are currently unable to link this exploit to any known threat actor.
A zero-day vulnerability is basically an unknown software bug. Upon identification and discovery, they allow attackers to conduct malicious activities in the shadows, resulting in unexpected and destructive consequences.
While analysing the CVE-2021-1732 exploit, Kaspersky experts found another such zero-day exploit and reported it to Microsoft in February. After confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.
According to the researchers, this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit, found in Desktop Window Manager, allowing the attackers to execute arbitrary code on a victim’s machine.
It is likely that the exploit is used together with other browser exploits to escape sandboxes or obtain system privileges for further access.
Kaspersky’s initial investigation has not revealed the full infection chain, so it is yet not known whether the exploit is used with another zero-day or coupled with known, patched vulnerabilities.
“The exploit was initially identified by our advanced exploit prevention technology and related detection records,” comments Boris Larin, security expert at Kaspersky.
A patch for the elevation of privilege vulnerability CVE-2021-28310 was released on 13 April 2021.