| Advisory | Vulnerability Intelligence |
|---|---|
| Vulnerability Type | Privilege Escalation |
| CVE ID | CVE-2021-1732 |
| CVSSv3 | 7.8 High Risk |
| Target | Windows 10 & Windows Server 2019 |
CVE-2021-1732 is a local privilege escalation zero-day vulnerability that is being leveraged by an APT in its ongoing campaigns against Windows infrastructure. The attacker exploits a memory bug in the Windows kernel to elevate privileges and execute code on the target machine.

CVE-2021-1732 stems from a memory corruption bug in the Win32k component of the Windows kernel; exploitation can trigger out-of-bounds memory access. Successful exploitation gives the attacker a SYSTEM token, which grants the highest privilege level available to a process in Windows, escalating from a normal user to kernel-level privileges (the equivalent of the root user on Linux). The malicious actor pairs this vulnerability with an RCE to execute commands on the system with elevated privileges.
Very recently, reports emerged of an APT group dubbed Bitter APT exploiting this bug in its campaigns using the 0-day exploit code.

The table below summarises the affected Windows platforms and their respective build versions:
| Windows Platform | Build Version |
|---|---|
| Windows 10 | 20H2, 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004 |
| Windows Server 2019 | 20H2, 1909, 2004 |
MSRC has rolled out patches in its Patch Tuesday release of February 09, 2021:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1732
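The practical follow-up to the table above and the MSRC patch note is a host-level check: is this machine on one of the listed Windows versions, and has it received an update since the February 09, 2021 release? The PowerShell script below is an added example, not CloudSEK's or Microsoft's code. It assumes the affected-version list exactly as printed in the advisory table, reads the product and release identifiers from the standard CurrentVersion registry key, and uses a deliberately conservative heuristic (any hotfix whose InstalledOn date is on or after 2021-02-09) because this page does not list the specific KB numbers; an operator should still confirm the exact KB for their build against the MSRC link.

```powershell
# Added example (not CloudSEK's or Microsoft's code): flag whether this host runs a
# Windows version listed in the advisory and whether any update has been installed
# since the February 09, 2021 Patch Tuesday release.
# Assumptions: version strings below are copied from the advisory's table; the
# "update since Patch Tuesday" check is a heuristic, not a check for a specific KB.

# Affected versions, constructed from the advisory table.
$Affected = @{
    'Windows 10'          = @('20H2','1507','1511','1607','1703','1709','1803','1809','1903','1909','2004')
    'Windows Server 2019' = @('20H2','1909','2004')
}
$PatchTuesday = Get-Date '2021-02-09'

function Get-Cve20211732Exposure {
    # Product name, release identifier and build come from the CurrentVersion key.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $product = $cv.ProductName

    # DisplayVersion ("20H2") exists from 20H2 onward; older builds expose ReleaseId ("1909").
    $release = if ($cv.PSObject.Properties['DisplayVersion']) { $cv.DisplayVersion } else { $cv.ReleaseId }

    $platform = if ($product -like 'Windows Server 2019*') { 'Windows Server 2019' }
                elseif ($product -like 'Windows 10*')      { 'Windows 10' }
                else                                        { $null }

    $inScope = [bool]($platform -and ($Affected[$platform] -contains $release))

    # Heuristic patch check: any hotfix with an install date on/after Patch Tuesday.
    # Some Get-HotFix entries carry no InstalledOn value, so those are skipped.
    $recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday }

    $status = if (-not $inScope) { 'Version not in the advisory list' }
              elseif ($recent)   { 'Affected version; update(s) since 2021-02-09 present - verify the KB against MSRC' }
              else               { 'Affected version; no update since 2021-02-09 - patch required' }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        Product             = $product
        Release             = $release
        Build               = "$($cv.CurrentBuildNumber).$($cv.UBR)"
        AffectedVersion     = $inScope
        UpdatesSinceFeb2021 = (($recent | Select-Object -ExpandProperty HotFixID) -join ',')
        Status              = $status
    }
}

# Usage: run on the host being assessed; no elevation is needed for these reads.
Get-Cve20211732Exposure | Format-List
```

For fleet-wide triage the function can be wrapped in Invoke-Command against a list of hosts and the objects exported to CSV; the AffectedVersion and Status fields are what a patching team needs to prioritise, while the Build field lets them compare the UBR against the February 2021 cumulative update for that release.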