Microsoft patches actively exploited Desktop Window Manager flaw

The latest Patch Tuesday round of updates include fixes for 114 vulnerabilities, including five zero-days

Microsoft has a critical vulnerability in Windows Desktop Manager that’s been actively exploited by cyber criminals as part of its latest Patch Tuesday wave of fixes.

The vulnerability tracked as CVE-2021-28310 is an escalation of privilege exploit in the Desktop Window Manager component of Windows 10 that’s likely being used in a chain alongside other exploits to seize control of victims’ devices.

The flaw is an out-of-bounds write vulnerability in dwmcore.dll, which is part of the Desktop Window Manager executable, according to researchers with Kaspersky’s SecureList. 

To exploit the flaw, hackers will need to have already logged into a system, or trick users into running code on their behalf, further fuelling assertions that it’s being used in chain attacks with other known vulnerabilities.

The flaw was patched alongside four other publicly exposed vulnerabilities that haven’t yet been exploited, to the best of Microsoft’s knowledge, including CVE-2021-27091, CVE-2021-28312, CVE-2021-28437 and CVE-2021-28458.

The first of these four is another escalation of privilege vulnerability present in the RPC Endpoint Mapper Service, while the second is a denial of service flaw in Windows NTFS, the primary file service for the Windows operating system. The third vulnerability is an information disclosure vulnerability in Windows Installer while the final flaw is another elevation of privilege vulnerability in the ms-rest-nodeauth component of Azure.

These bugs have been fixed among 114 vulnerabilities, with 19 critical bugs and 88 tagged as being important. These also include four critical Microsoft Exchange Server vulnerabilities discovered by the NSA.

The fixes apply to Exchange Server versions 2013, 2016 and 2019, and are said to be a different set of vulnerabilities to those which were discovered as being actively exploited earlier this year.

The White House has intervened as a result of their discovery, urging all agencies to install the patches immediately as they “pose an unacceptable risk” to the government.

“Two of the four vulnerabilities (CVE-2021-28480, CVE-2021-28481) are pre-authentication, meaning an attacker does not need to authenticate to the vulnerable Exchange server to exploit the flaw,” said staff research engineer with Tenable, Satnam Narang. “With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately.

Related Resource

IT Pro 20/20: Meet the companies leaving the office for good

The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021

IT Pro 20/20: Leaving the office for goodDOWNLOAD NOW

"Microsoft also patched CVE-2021-28310, a Win32k Elevation of Privilege vulnerability that was exploited in the wild as a zero-day. Exploitation of this vulnerability would give the attacker elevated privileges on the vulnerable system.

"This would allow an attacker to execute arbitrary code, create new accounts with full privileges, access and/or delete data and install programs. Elevation of Privilege vulnerabilities is leveraged by attackers post-compromise, once they’ve managed to gain access to a system in order to execute code on their target systems with elevated privileges."

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021