Kaspersky reports that highly targeted attacks are using Microsoft Windows and Chrome zero-days

Experts at Kaspersky, earlier this year, had discovered several highly targeted attacks against multiple companies utilising a previously undiscovered chain of Microsoft Windows and Google Chrome zero-day exploits. The two exploited vulnerabilities in the Microsoft Windows OS kernel were Elevation of Privilege vulnerability CVE-2021-31956 and Information Disclosure vulnerability CVE-2021-31955. While Google Chrome was used for remote code execution in one of the exploits. [caption id=“attachment_5519651” align=“alignnone” width=“1280”] Patch Tuesday is a general term used when Microsoft, Adobe, Oracle, and others regularly release software patches (updates) for their software products.[/caption] Yesterday, 21 June, as a part of Patch Tuesday, Microsoft finally patched both attacks. To recall, Patch Tuesday is a general term used when Microsoft, Adobe, Oracle, and others regularly release software patches (updates) for their software products. While Kaspersky researchers couldn’t retrieve remote execution code for the exploit, they suggested that attackers may have used CVE-2021-21224 vulnerability, related to a Type Mismatch bug in the V8. They also discovered and analysed the second exploit in the Microsoft Windows OS kernel which had two vulnerabilities. The first, named CVE-2021-31955, is an Information Disclosure vulnerability that leads to leaking sensitive kernel information. The second is an Elevation of Privilege vulnerability that allows attackers to exploit the kernel and gain elevated access to the computer. It is named CVE-2021-31956. Experts at Kaspersky recommend various ways to protect your organisation from attacks exploiting the aforementioned vulnerabilities. You must update your Chrome browser and Microsoft Windows regularly. Use a reliable endpoint security solution such as Kaspersky Endpoint Security for Business that is powered by exploit prevention, behavior detection, and a remediation engine that can roll back malicious actions. Also, install anti-APT and EDR solutions, enabling capabilities for threat discovery and detection, investigation, and timely remediation of incidents. Upskill your SOC team with professional training and provide them access to the latest threat intelligence. “Now that these vulnerabilities have been made publicly known, it’s possible that we’ll see an increase of their usage in attacks by this and other threat actors. That means it’s very important for users to download the latest patch from Microsoft as soon as possible,” comments Boris Larin, Senior Security Researcher with the Global Research and Analysis Team (GreAT).