Sourced from International IDEA
Kaspersky has discovered another zero-day exploit, however, researchers are currently unable to link this exploit to any known threat actor.
This kind of vulnerability is basically an unknown software bug – upon identification and discovery, they allow attackers to conduct malicious activities in the shadows, resulting in unexpected and destructive consequences.
While analysing the CVE-2021-1732 exploit, Kaspersky researchers found another such zero-day exploit and reported it to Microsoft in February. After confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.
According to the researchers, this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit, found in Desktop Window Manager, allowing the attackers to execute arbitrary code on a victim’s machine.