Microsoft patches actively exploited Windows zero-day flaw
Microsoft has patched 56 flaws in its latest Patch Tuesday round of fixes including a critical vulnerability in the win32k component of Windows 10 that could allow hackers to escalate privileges on a targeted device.
The critical zero-day flaw, tracked as CVE-2021-1732, is under active exploitation and is rated 7.8 on the CVSS threat severity scale. It’s been exploited to allow hackers to run malicious code on a targeted system with elevated privileges, according to researchers with DBAPPSecurity, who first discovered the flaw.
The “high quality” and “sophisticated” exploit relies on a win32k callback that can be used to escape the sandbox of the Internet Explorer or Adobe Reader apps. It can be triggered on the latest version of Windows 10.