{"uuid": "6c81687b-cffd-49c4-bddf-e5d353834ec5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-40449", "type": "published-proof-of-concept", "source": "https://t.me/auraxchan/29075", "content": "MysterySnail attacks with Windows zero-day: In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it was using a previously unknown vulnerability in the Win32k driver and exploitation relies heavily on a technique to leak the base addresses of kernel modules. We promptly reported these findings to Microsoft. The information disclosure portion of the exploit chain was identified as not bypassing a security boundary, and was therefore not fixed. Microsoft assigned CVE-2021-40449 to the use-after-free vulnerability in the Win32k kernel driver and it was patched on October 12, 2021, as a part of the October Patch Tuesday.\n\nhttps://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/\n\n@auraxchan", "creation_timestamp": "2021-10-13T17:48:51.000000Z"}