CVE-2021-1732 Windows 0-Day Threat Intel Advisory

Published 26 February 2021


  • CVE-2021-1732 is a local privilege escalation zero-day vulnerability that targets Windows infrastructure
  • Exploiting a memory bug in the Windows kernel leads to privilege elevation and code execution on the target machine

Share this Threat Intel:

 

Advisory
Vulnerability Intelligence
Vulnerability Type
Privilege Escalation
CVE ID
CVE-2021-1732
CVSSv3
7.8 High Risk
Target
Windows 10 & Windows Server 2019

 

Executive Summary

CVE-2021-1732 is a local privilege escalation zero-day vulnerability, that is leveraged by an APT in their ongoing campaigns targeting Windows infrastructure. The attacker exploits a memory bug in the Windows kernel leading to privilege elevation and code execution on the target machine. 

Technical Details

CVE-2021-1732 exists as a result of a memory corruption bug in one of the components (Win32K) in the Windows kernel; upon exploitation, it may trigger out-of-bounds access. Successful exploitation of the bug will give the attacker the ability to obtain System Token that grants the highest privilege to any process in Windows environment leading to potential escalation of privilege from normal user to kernel level which is equivalent to a root user in Linux. The malicious actor pairs this vulnerability with RCE to execute commands on the system with elevated privileges.

Very recently, reports emerged about an APT group dubbed Bitter APT that exploited this bug in their campaigns using the 0-day exploit code.

Affected Platforms

The table given below summarises affected Windows platforms and the respective build versions:

Windows Platform
Build Version
Windows 10 20H2, 1507, 1511,1607, 1703,1709,1803,1809,1903,1909,2004
Windows Server 2019 20H2,1909,2004

Impact

  • System level privilege is the highest privilege in Windows OS, a process with system privilege can have read/ write access for any assets in the environment.
  • Only an authenticated attacker can run arbitrary code with elevated privileges.
  • Client-side vulnerabilities can be paired with this vulnerability via social engineering, to compromise the victim.

Mitigation

MSRC has rolled out patches in their latest release of Patch Tuesday (February 09 2021):

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1732

Be informed in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about threats first in your inbox.

Join the Discussions

Discuss your way into our Community about these threats and stay Vigilant and informed.