Security researchers are warning of a series of highly targeted attacks designed to compromise victim networks by chaining Google Chrome and Microsoft Windows zero-day exploits.
The attackers are thought to have gained initial access by exploiting CVE-2021-21224, a now-patched remote code execution bug in Chrome's V8 JavaScript engine.
The second stage was an elevation of privilege exploit that chained two separate vulnerabilities in the Windows kernel. The first, CVE-2021-31955, is an information disclosure flaw that leaks sensitive kernel data; the second, CVE-2021-31956, is a heap-based buffer overflow.
Kaspersky said the attackers used CVE-2021-31956 together with the Windows Notification Facility (WNF) to build arbitrary kernel memory read/write primitives, and then used those to execute their malware modules with SYSTEM privileges.
Once they had gained a foothold in victim networks by exploiting these three flaws, the stager modules executed a more sophisticated malware dropper fetched from a remote server, which in turn installed two executables masquerading as legitimate Windows files.
One of these is a remote shell module designed to download and upload files, create processes, lie dormant for set periods of time, and delete itself from the infected system, Kaspersky said.
Microsoft patched the two kernel vulnerabilities in this week's Patch Tuesday security update round, while Google had already fixed the Chrome flaw.
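The check a practitioner wants at this point is whether a given host carries both fixes. The following PowerShell script is an added example; it is not part of the original article and not Kaspersky's or Microsoft's code. It assumes, from Google's and Microsoft's own release notes rather than from this article, that Chrome 90.0.4430.85 is the first stable build containing the CVE-2021-21224 fix and that the Windows kernel fixes (CVE-2021-31955, CVE-2021-31956) shipped in the cumulative update of 8 June 2021; the registry keys and install paths it reads are the standard Chrome and Windows locations. Run it in an elevated PowerShell session on the Windows host being checked:

```powershell
# Added patch-status check (not from the article, not vendor code).
# Assumptions, not stated on the page:
#   - Chrome stable fixed CVE-2021-21224 in 90.0.4430.85 (Google, 20 April 2021).
#   - The Windows kernel fixes for CVE-2021-31955 and CVE-2021-31956 shipped in
#     the cumulative update of 8 June 2021, so a cumulative update installed on
#     or after that date carries them.
$chromeFixedVersion = [version]'90.0.4430.85'
$windowsPatchDate   = Get-Date '2021-06-08'

function Get-ChromeVersion {
    # Chrome records its installed version under the BLBeacon key:
    # HKLM for machine-wide installs, HKCU for per-user installs.
    foreach ($key in 'HKLM:\SOFTWARE\Google\Chrome\BLBeacon',
                     'HKCU:\SOFTWARE\Google\Chrome\BLBeacon') {
        $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).version
        if ($v) { return [version]$v }
    }
    # Fall back to the product version stamped on the binary itself.
    foreach ($root in $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) {
        if (-not $root) { continue }
        $exe = Join-Path $root 'Google\Chrome\Application\chrome.exe'
        if (Test-Path $exe) {
            return [version](Get-Item $exe).VersionInfo.ProductVersion
        }
    }
    return $null
}

function Get-WindowsPatchState {
    # Build and revision (UBR) from the registry; the UBR is the number
    # Microsoft's release notes use to identify a specific cumulative update.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = "$($cv.CurrentBuild).$($cv.UBR)"
    # Get-HotFix only lists updates registered in Win32_QuickFixEngineering and
    # InstalledOn can be empty, so keep only dated entries on/after the fix date.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $windowsPatchDate } |
        Sort-Object InstalledOn -Descending
    [pscustomobject]@{
        OSBuild         = $build
        UpdatesSinceFix = @($recent | ForEach-Object {
            "$($_.HotFixID) ($($_.InstalledOn.ToString('yyyy-MM-dd')))"
        })
    }
}

$chrome = Get-ChromeVersion
if (-not $chrome) {
    $chromeStatus = 'not installed'
} elseif ($chrome -ge $chromeFixedVersion) {
    $chromeStatus = "patched ($chrome)"
} else {
    $chromeStatus = "VULNERABLE to CVE-2021-21224 ($chrome, need >= $chromeFixedVersion)"
}

$win = Get-WindowsPatchState
$fixDate = $windowsPatchDate.ToString('yyyy-MM-dd')
if ($win.UpdatesSinceFix.Count -gt 0) {
    $winStatus = "update(s) installed on/after ${fixDate}: $($win.UpdatesSinceFix -join ', ')"
} else {
    $winStatus = "no update recorded since $fixDate; compare build $($win.OSBuild) with the June 2021 release notes"
}

[pscustomobject]@{
    Chrome  = $chromeStatus
    Windows = $winStatus
}
```

Two caveats on reading the result. Get-HotFix reports what the update subsystem registered, not what the kernel is actually running, so a pending reboot after the June update still shows as "installed"; the OSBuild value (build.UBR) compared against Microsoft's release notes is the authoritative check. Likewise, Chrome applies updates only on restart, so a version that reads as fixed in the registry is only effective once every running Chrome process has been closed.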
The research team has yet to link the attacks to any known threat actor, so it is dubbing the group behind them "PuzzleMaker."
"Overall, of late, we have been seeing several waves of high-profile threat activity being driven by zero-day exploits. It's a reminder that zero-days continue to be the most effective method for infecting targets," said Boris Larin, senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT).
"Now that these vulnerabilities have been made publicly known, it's possible that we'll see an increase in their usage in attacks by this and other threat actors. That means it is very important for users to download the latest patch from Microsoft as soon as possible."