The flaw, tracked as CVE-2021-31207, is present in the same platform that was at the heart of a devastating supply chain attack earlier in the year, although it hasn’t yet been exploited by cyber criminals. It’s described as a security feature bypass flaw and was discovered as part of last month’s Pwn2Own contest. This has been fixed alongside two other zero-day vulnerabilities. These are an elevation of privilege flaw in .NET and Visual Studio, tagged CVE-2021-31204, and a remote code execution flaw in Microsoft's Common Utilities component, tagged CVE-2021-31200. Adobe fixes Reader bug under attack