Microsoft patches actively exploited Desktop Window Manager flaw

The latest Patch Tuesday round of updates include fixes for 114 vulnerabilities, including five zero-days

Microsoft has a critical vulnerability in Windows Desktop Manager that’s been actively exploited by cyber criminals as part of its latest Patch Tuesday wave of fixes.

The vulnerability tracked as CVE-2021-28310 is an escalation of privilege exploit in the Desktop Window Manager component of Windows 10 that’s likely being used in a chain alongside other exploits to seize control of victims’ devices.

The flaw is an out-of-bounds write vulnerability in dwmcore.dll, which is part of the Desktop Window Manager executable, according to researchers with Kaspersky’s SecureList. 

To exploit the flaw, hackers will need to have already logged into a system, or trick users into running code on their behalf, further fuelling assertions that it’s being used in chain attacks with other known vulnerabilities.

The flaw was patched alongside four other publicly exposed vulnerabilities that haven’t yet been exploited, to the best of Microsoft’s knowledge, including CVE-2021-27091, CVE-2021-28312, CVE-2021-28437 and CVE-2021-28458.

The first of these four is another escalation of privilege vulnerability present in the RPC Endpoint Mapper Service, while the second is a denial of service flaw in Windows NTFS, the primary file service for the Windows operating system. The third vulnerability is an information disclosure vulnerability in Windows Installer while the final flaw is another elevation of privilege vulnerability in the ms-rest-nodeauth component of Azure.

These bugs have been fixed among 114 vulnerabilities, with 19 critical bugs and 88 tagged as being important. These also include four critical Microsoft Exchange Server vulnerabilities discovered by the NSA.

The fixes apply to Exchange Server versions 2013, 2016 and 2019, and are said to be a different set of vulnerabilities to those which were discovered as being actively exploited earlier this year.

The White House has intervened as a result of their discovery, urging all agencies to install the patches immediately as they “pose an unacceptable risk” to the government.

“Two of the four vulnerabilities (CVE-2021-28480, CVE-2021-28481) are pre-authentication, meaning an attacker does not need to authenticate to the vulnerable Exchange server to exploit the flaw,” said staff research engineer with Tenable, Satnam Narang. “With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately.

Related Resource

IT Pro 20/20: Meet the companies leaving the office for good

The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021

IT Pro 20/20: Leaving the office for goodDOWNLOAD NOW

"Microsoft also patched CVE-2021-28310, a Win32k Elevation of Privilege vulnerability that was exploited in the wild as a zero-day. Exploitation of this vulnerability would give the attacker elevated privileges on the vulnerable system.

"This would allow an attacker to execute arbitrary code, create new accounts with full privileges, access and/or delete data and install programs. Elevation of Privilege vulnerabilities is leveraged by attackers post-compromise, once they’ve managed to gain access to a system in order to execute code on their target systems with elevated privileges."

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now


New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop

16 ways to speed up your laptop

29 Apr 2021