DWM Zeroday
Share this:
The bug was accidentally found by the security researchers at Kaspersky in February of this year while they were studying another known flaw (CVE-2021-1732); this new problem was then referred to Microsoft and classified by code CVE-2021-28310.
Researchers claimed that this newly-discovered critical zero-day vulnerability, CVE-2021-28310 was abused in the wild by the attackers. This flaw is an Escalation of Privilege (EoP) which is detected in DWM
This exploit was used in the wild by several threat actors. This is an Escalation of Privilege (EoP) that allows attackers to execute arbitrary code on the victim’s device.
The Desktop Window Manager composes the application windows screen before drawing it on your screen. This allows Windows to add effects like transparency and live taskbar thumbnails. So, this process is a vital part of Windows that you can’t prevent from running.
The DWM clutches all the necessary information from the buffer of each program and formulates the composite view of the overall interface that the user perceives.
The “CVE-2021-28310” is a privilege escalation bug, and abusing this flaw an attacker can easily evade the operating system’s user levelling systems and become an administrator to perform abstruser actions on the affected PC.
The hacking groups that are specialized in targeted attacks were already actively abusing this bug along with other known weaknesses to hack into other user’s systems without being detected by security tools.
