New 0-Day Vulnerabilities Affecting Microsoft Windows Components Actively Exploited In The Wild
Threat Level Description
Threat Level: High - An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.
Description
We have observed that four new 0-day vulnerabilities that are actively exploited in the wild, along with a number of remote code execution bugs, have been identified affecting Microsoft Windows components.
By exploiting these vulnerabilities, an attacker could achieve remote code execution, escalate their access privileges and ultimately compromise the affected system.
The four zero-days identified are:
• CVE-2021-40449 (CVSS score: 7.8) – Win32k Elevation of Privilege Vulnerability
• CVE-2021-41335 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
• CVE-2021-40469 (CVSS score: 7.2) – Windows DNS Server Remote Code Execution Vulnerability
• CVE-2021-41338 (CVSS score: 5.5) – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
The 0-day vulnerability CVE-2021-40449 is a use-after-free vulnerability in the Win32k kernel driver that has been actively exploited in the wild since August, as part of a widespread espionage campaign targeting IT companies, defense contractors, and diplomatic entities.
Furthermore, a number of remote code execution vulnerabilities have been disclosed affecting Microsoft Exchange Server (CVE-2021-26427), Windows Hyper-V (CVE-2021-38672 and CVE-2021-40461), SharePoint Server (CVE-2021-40487 and CVE-2021-41344), and Microsoft Word (CVE-2021-40486).
Malicious actors have been found using the critical flaw CVE-2021-26427 in Microsoft Exchange Server, in order to target business networks.
Note that Microsoft has rolled out the relevant security patches.
CVE(s)
• CVE-2021-40449 – Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.
• CVE-2021-41335 – Windows Kernel Elevation of Privilege Vulnerability
• CVE-2021-40469 – Windows DNS Server Remote Code Execution Vulnerability
• CVE-2021-41338 – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
• CVE-2021-26427 – Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2021-38672 – Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40461.
• CVE-2021-40461 – Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-38672.
• CVE-2021-40487 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-41344.
• CVE-2021-41344 – Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40487.
• CVE-2021-40486 – Microsoft Word Remote Code Execution Vulnerability
Affected Systems
Recommendation(s)
You should immediately apply the latest updates and patches provided by Microsoft and other vendors.
You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution, to always have active security event logging enabled, and to practice event monitoring. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to the management of risk, including penetration testing at least annually and upon significant changes.
References
- https://thehackernews.com/2021/10/update-your-windows-pcs-immediately-to.html
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40469
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41335
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41338
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26427
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38672
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40461
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41344
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40487
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40486
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40454
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41332
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36970