Security researchers are warning of a series of highly targeted attacks designed to compromise victim networks via Google Chrome and Microsoft Windows zero-day exploits.
The attackers are believed to have first exploited the now-patched CVE-2021-21224 remote code execution bug in Chrome.
The second stage was an elevation-of-privilege exploit chained to two separate vulnerabilities in the Microsoft Windows OS kernel. The first, CVE-2021-31955, can lead to the disclosure of sensitive kernel information, while the second, CVE-2021-31956, is a heap-based buffer overflow bug.
Kaspersky said that the attackers used CVE-2021-31956 together with the Windows Notification Facility (WNF) to build arbitrary memory read/write primitives and execute malware modules with system privileges.
Once they had gained a foothold in victim networks by exploiting these three flaws, the stager modules execute a more sophisticated malware dropper from a remote server, which in turn installs two executables masquerading as legitimate Windows files.
One of these is a remote shell module designed to download and upload files, create processes, lie dormant for periods of time, and delete itself from the infected system, Kaspersky said.
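The dropper's payloads are described above as executables masquerading as legitimate Windows files. The following is an added example, not code from the article or from Kaspersky, of a simple defender-side inventory check for that behaviour: it flags executables that carry the name of a genuine Windows system binary but sit outside the system directories or lack a Microsoft signature, and it also catches one-character look-alike names. The trusted directories, the list of imitated binary names, the `signed_by_microsoft` field (assumed to be pre-computed by whatever signature tooling produced the inventory) and the sample inventory are all constructed for illustration and are not indicators from the reported attacks.

```python
"""Flag executables that masquerade as legitimate Windows system binaries.

Added example (not the article's or Kaspersky's code). All paths, names and
the sample inventory below are constructed for illustration.
"""
from pathlib import PureWindowsPath

# Assumption: a default Windows install on drive C:, so genuine system
# binaries live only in these directories (compared case-insensitively).
TRUSTED_DIRS = {
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}

# Genuine Windows binary names that malware commonly imitates (constructed list).
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe",
    "wininit.exe", "dllhost.exe",
}


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(record):
    """Return the reasons a file record looks suspicious (empty list = clean).

    record: {'path': Windows path string,
             'signed_by_microsoft': bool from the inventory's signature check}
    """
    path = PureWindowsPath(record["path"])
    name = path.name.lower()
    parent = str(path.parent).lower()
    reasons = []
    if name in SYSTEM_BINARY_NAMES:
        # A real system binary outside its home directory is a classic masquerade.
        if parent not in TRUSTED_DIRS:
            reasons.append(f"{name} found outside a Windows system directory: {parent}")
        # Genuine Windows binaries are Microsoft-signed; an unsigned copy is suspect.
        if not record.get("signed_by_microsoft", False):
            reasons.append(f"{name} is not Microsoft-signed")
    elif name.endswith(".exe"):
        # Look-alike names such as a digit swapped for a letter.
        lookalikes = sorted(s for s in SYSTEM_BINARY_NAMES if edit_distance(name, s) == 1)
        if lookalikes:
            reasons.append(f"{name} is one character away from {', '.join(lookalikes)}")
    return reasons


def scan(inventory):
    """Return [(path, reasons)] for every record that produced at least one reason."""
    findings = []
    for record in inventory:
        reasons = classify(record)
        if reasons:
            findings.append((record["path"], reasons))
    return findings


# Constructed sample inventory: one genuine binary, two masquerades, one benign app.
SAMPLE_INVENTORY = [
    {"path": r"C:\Windows\System32\svchost.exe", "signed_by_microsoft": True},
    {"path": r"C:\Users\alice\AppData\Local\Temp\svchost.exe", "signed_by_microsoft": False},
    {"path": r"C:\ProgramData\svch0st.exe", "signed_by_microsoft": False},
    {"path": r"C:\Program Files\Vendor\updater.exe", "signed_by_microsoft": False},
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_INVENTORY):
        print(path)
        for reason in reasons:
            print("  -", reason)
```

In practice the inventory would come from an endpoint agent or a scheduled file-system walk, with `signed_by_microsoft` filled in from an Authenticode check; the point of the example is the two-part rule (name match plus location/signature mismatch) rather than the sample data.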
Microsoft patched both of these vulnerabilities in this week's Patch Tuesday security update round, while Google has already fixed the Chrome flaw.
The research team has yet to link the attacks to any known threat actor, so it is dubbing the group behind them "PuzzleMaker."
"Overall, of late, we've been observing several waves of high-profile threat activity being driven by zero-day exploits. It is a reminder that zero days continue to be the most effective method for infecting targets," said Boris Larin, senior security researcher at Kaspersky's Global Research and Analysis Team (GReAT).
"Now that these vulnerabilities have been made publicly known, it is possible that we'll see an increase in their usage in attacks by this and other threat actors. That means it's very important for users to download the latest patch from Microsoft as soon as possible."