IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft patches actively exploited Desktop Window Manager flaw

The latest Patch Tuesday round of updates include fixes for 114 vulnerabilities, including five zero-days

Microsoft has a critical vulnerability in Windows Desktop Manager that’s been actively exploited by cyber criminals as part of its latest Patch Tuesday wave of fixes.

The vulnerability tracked as CVE-2021-28310 is an escalation of privilege exploit in the Desktop Window Manager component of Windows 10 that’s likely being used in a chain alongside other exploits to seize control of victims’ devices.

The flaw is an out-of-bounds write vulnerability in dwmcore.dll, which is part of the Desktop Window Manager executable, according to researchers with Kaspersky’s SecureList. 

To exploit the flaw, hackers will need to have already logged into a system, or trick users into running code on their behalf, further fuelling assertions that it’s being used in chain attacks with other known vulnerabilities.

The flaw was patched alongside four other publicly exposed vulnerabilities that haven’t yet been exploited, to the best of Microsoft’s knowledge, including CVE-2021-27091, CVE-2021-28312, CVE-2021-28437 and CVE-2021-28458.

The first of these four is another escalation of privilege vulnerability present in the RPC Endpoint Mapper Service, while the second is a denial of service flaw in Windows NTFS, the primary file service for the Windows operating system. The third vulnerability is an information disclosure vulnerability in Windows Installer while the final flaw is another elevation of privilege vulnerability in the ms-rest-nodeauth component of Azure.

These bugs have been fixed among 114 vulnerabilities, with 19 critical bugs and 88 tagged as being important. These also include four critical Microsoft Exchange Server vulnerabilities discovered by the NSA.

The fixes apply to Exchange Server versions 2013, 2016 and 2019, and are said to be a different set of vulnerabilities to those which were discovered as being actively exploited earlier this year.

The White House has intervened as a result of their discovery, urging all agencies to install the patches immediately as they “pose an unacceptable risk” to the government.

“Two of the four vulnerabilities (CVE-2021-28480, CVE-2021-28481) are pre-authentication, meaning an attacker does not need to authenticate to the vulnerable Exchange server to exploit the flaw,” said staff research engineer with Tenable, Satnam Narang. “With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately.

Related Resource

IT Pro 20/20: Meet the companies leaving the office for good

The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021

IT Pro 20/20: Leaving the office for goodDOWNLOAD NOW

"Microsoft also patched CVE-2021-28310, a Win32k Elevation of Privilege vulnerability that was exploited in the wild as a zero-day. Exploitation of this vulnerability would give the attacker elevated privileges on the vulnerable system.

"This would allow an attacker to execute arbitrary code, create new accounts with full privileges, access and/or delete data and install programs. Elevation of Privilege vulnerabilities is leveraged by attackers post-compromise, once they’ve managed to gain access to a system in order to execute code on their target systems with elevated privileges."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?

Should you take your password manager off the internet?

28 Jul 2022