Microsoft and Adobe fix zero-day flaws exploited by hackers


Both vulnerabilities target Windows users in real attacks. It is strongly recommended to update your software.

Microsoft has just released the fixes for its traditional Patch Tuesday. Among the 11 critical vulnerabilities listed is an elevation of privilege (CVE-2021-1732) in the Windows kernel, in this case the win32kfull.sys file which controls the hardware by the operating system. “It can be used to escape the sandbox of Microsoft’s browser or Acrobat Reader on the latest versions of Windows 10. This vulnerability is of high quality and its exploitation is sophisticated”, point out researchers from DBAPPSecurity Threat Intelligence Center, who found it.

This flaw is all the more dangerous as it is actively exploited by “Bitter APT”, a group of hackers probably located in South Asia. This flaw was detected in December 2020 in one of the malware that this group was using to target Chinese people or organizations. For its part, Adobe has just published a fix for a buffer overflow (CVE-2021-21017) allowing the execution of arbitrary code in Acrobat Reader. Again, this vulnerability is actively used to infect Windows users, without further details. It is not known if the two flaws are related, but it is clear that they would complement each other perfectly.

Source : Hacker News

Share post:


More like this

Inter: Romelu Lukaku expected no later than Thursday in Milan

Leaving Inter last summer to join Chelsea, Romelu Lukaku...

DP Ruto blames Raila for high cost of unga

Deputy President William Ruto has said Azimio presidential...

Juventus finalize the arrival of Angel Di Maria

After weeks of negotiations that yielded nothing, Juventus has...

JT Foot Transfer market: Barça accelerates on the transfer window

On the program of this JT Foot Transfer market:...