FutureCIO Security alert: new zero-day exploit in Desktop Window Manager

FutureCIO Editors by FutureCIO Editors
April 15, 2021
Photo by Pixabay from Pexels: https://www.pexels.com/photo/security-logo-60504/

A zero-day vulnerability is a software flaw that is unknown to the vendor and therefore unpatched. Once attackers identify one, they can exploit it undetected, with unexpected and destructive consequences.

Anand Paturi, a principal researcher with Qualys, says CVE-2021-28310 is an “out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe).” Microsoft has given this CVE a temporal score of 7.2, and it should be prioritized for patching.

Hold it! Tracing steps!

While analysing the CVE-2021-1732 exploit, Kaspersky experts found another such zero-day exploit and reported it to Microsoft in February 2021. After confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.

Used in the wild, this is an elevation of privilege (EoP) exploit targeting Desktop Window Manager; it allows attackers to execute arbitrary code on a victim’s machine.

Kaspersky theorises that the exploit is used together with browser exploits to escape sandboxes or obtain system privileges for further access. The company said its initial investigation has not revealed the full infection chain, so it is not yet known whether the exploit is chained with another zero-day or with known, patched vulnerabilities.

In his blog, Paturi said “BITTER APT group is suspected of exploiting this CVE in the wild.” This is the same conclusion reached by Kaspersky researchers.

“The exploit was initially identified by our advanced exploit prevention technology and related detection records,” commented Boris Larin, security expert at Kaspersky.

Sammy Migues, principal scientist, Synopsys Software Integrity Group, has his own theories about the exploit. He opines that for this zero-day, the attacker needs to get on the machine and run malware or get a local user to run malware on the attacker's behalf.

“That means all your basic IT security needs to be solid, so ensure all user apps are up to date, your anti-phishing training is done, your endpoint security and exfiltration protection elements are up to date, your endpoint least privilege mechanisms are also up to date, and so on,” he cautioned.

Patching

A patch for the elevation of privilege vulnerability CVE-2021-28310 was released on April 13th, 2021. Kaspersky products detect this exploit with the following verdicts:

  • HEUR:Exploit.Win32.Generic
  • HEUR:Trojan.Win32.Generic
  • PDM:Exploit.Win32.Generic

Pre-emptive strategy

Synopsys’ Migues suggested immediately examining systems for indicators of compromise and taking appropriate action if anything is found.

“You can wait for the patch and then patch. While you're waiting for the patch, you can ensure you have an accurate list of all the things that need to be patched when the patch arrives (and if you can't make that list then you need to work on your asset inventory capabilities),” he continued.

Kaspersky recommends

  • Install patches for the new vulnerability as soon as possible. Once the patch is installed, threat actors can no longer abuse the vulnerability.
  • Vulnerability and patch management capabilities in an endpoint protection solution can significantly simplify the task for IT security managers.
  • Provide your SOC team with access to the latest threat intelligence (TI).
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage.
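As an added example that is not part of the article, and not tooling from Kaspersky, Qualys or Synopsys, the following Python script ties two defender-side points above together: it scans endpoint detection log lines for the three Kaspersky verdicts named in the Patching section, then cross-references the affected hosts against a patch inventory of the kind Migues asks organisations to keep ready. The log format, host names, inventory and the KB identifier are constructed assumptions; the page gives no KB number for the April 13, 2021 fix, so a clearly labelled placeholder stands in for it.

```python
"""Triage helper for CVE-2021-28310 (Desktop Window Manager EoP).

Added example, not from the FutureCIO article or any vendor. Log format,
host names, inventory contents and the KB identifier are constructed.
"""
import re
from collections import defaultdict

# Detection verdicts the article lists for this exploit.
EXPLOIT_VERDICTS = {
    "HEUR:Exploit.Win32.Generic",
    "HEUR:Trojan.Win32.Generic",
    "PDM:Exploit.Win32.Generic",
}

# Placeholder: the page does not name the April 2021 update's KB number.
REQUIRED_KB = "KB-PLACEHOLDER-APRIL-2021"

# Constructed detection lines. Assumed format: <timestamp> <host> <verdict> <object>
SAMPLE_DETECTIONS = """\
2021-04-14T08:12:03Z WS-0142 HEUR:Exploit.Win32.Generic C:\\Users\\jdoe\\Downloads\\invoice.exe
2021-04-14T08:13:47Z WS-0142 PDM:Exploit.Win32.Generic C:\\Windows\\System32\\dwm.exe
2021-04-14T09:01:10Z WS-0077 HEUR:Trojan.Win32.Generic C:\\Temp\\update.dll
2021-04-14T09:30:00Z WS-0201 not-a-threat:Adware.Generic C:\\Temp\\toolbar.exe
2021-04-14T10:00:00Z WS-0099
"""

# Constructed patch inventory: host -> set of installed KB identifiers.
SAMPLE_INVENTORY = {
    "WS-0142": {"KB-OTHER-1"},
    "WS-0077": {"KB-OTHER-1", REQUIRED_KB},
    "WS-0201": {"KB-OTHER-1"},
    "WS-0300": set(),  # no detections, but still unpatched
}

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<verdict>\S+)\s+(?P<obj>.+)$")


def parse_detections(text):
    """Return {host: [(timestamp, verdict, object), ...]} for exploit verdicts only."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated record: skip, do not abort the run
        if m["verdict"] in EXPLOIT_VERDICTS:
            hits[m["host"]].append((m["ts"], m["verdict"], m["obj"]))
    return dict(hits)


def triage(detections, inventory, required_kb=REQUIRED_KB):
    """Assign a priority to every host, combining detections with patch state.

    P1: detections on an unpatched host, or a detection on a host the inventory
        does not know about (an inventory gap, which Migues's advice targets).
    P2: detections on an already patched host (investigate for prior compromise).
    P3: no detections but missing the required update.
    P4: patched and quiet.
    """
    result = {}
    for host, kbs in inventory.items():
        patched = required_kb in kbs
        seen = host in detections
        if seen and not patched:
            result[host] = "P1-investigate-and-patch"
        elif seen:
            result[host] = "P2-investigate"
        elif not patched:
            result[host] = "P3-patch"
        else:
            result[host] = "P4-ok"
    for host in detections:
        if host not in inventory:
            result[host] = "P1-inventory-gap"
    return result


if __name__ == "__main__":
    found = parse_detections(SAMPLE_DETECTIONS)
    for host, prio in sorted(triage(found, SAMPLE_INVENTORY).items()):
        print(f"{host}: {prio}  detections={len(found.get(host, []))}")
```

The verdict set is deliberately an exact match rather than a substring search: generic verdicts such as `HEUR:Trojan.Win32.Generic` fire on many unrelated samples, so in practice the output is a worklist for the SOC to confirm against other indicators, not a confirmation that CVE-2021-28310 was exploited.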

More details about the CVE are listed by NIST (National Institute of Standards and Technology) in the US.
