CVE-2021-28310: A broken window
Quote:

A zero-day vulnerability in Microsoft Windows may already have been exploited.

Kaspersky researchers have found a zero-day vulnerability (CVE-2021-28310) in a Microsoft Windows component called Desktop Window Manager (DWM). We believe several threat actors have already exploited the vulnerability. Microsoft just released the patch, and we suggest applying it immediately. Here’s why.

What is Desktop Window Manager?

Pretty much everyone is familiar with the windowed interface of modern operating systems: each program opening in a separate window that doesn’t necessarily take up the whole screen. Windows may overlap, for example, one casting a shadow over others as if it were physically blocking the light. In Microsoft Windows, the component responsible for rendering features such as shadows and transparency is Desktop Window Manager.

To understand why Desktop Window Manager is important in a cybersecurity context, consider that programs don’t just draw their windows on the screen; they put the necessary information in a buffer. Desktop Window Manager grabs that information from each program’s buffer and creates the overall composite view that the user sees. When a user moves one window over another, the open programs don’t know anything about whether their windows should be casting a shadow or having a shadow cast on them, for example. Desktop Window Manager does that job, and as such it is a key service in Windows that has existed in every version of Windows since Vista — and cannot be deactivated in Windows 8 or later versions.

Desktop Window Manager’s vulnerability

The vulnerability our advanced exploit prevention technology discovered is an elevation of privilege vulnerability. That means a program can trick Desktop Window Manager into giving it access that it shouldn’t have. In this case, the vulnerability allowed the attackers to execute arbitrary code on victims’ machines — it essentially gave them full control over the computers.

How to avoid CVE-2021-28310 exploitation

It’s critical to act quickly. Here’s what you can do: ...