The zero-day vulnerability is classified as privilege escalation in Win32k and is tracked under the identifier CVE-2021-1732. According to reports, it was exploited by the hacker group Bitter, which previously carried out a series of attacks on various organizations in China and Pakistan. According to information security company DBAPPSecurity, attackers prepared an exploit to exploit this vulnerability in May last year. It is assumed that it was developed for 64-bit versions of Windows 10 (1909), but tests have shown that the exploit works on 64-bit versions of Windows 10 20H2.

In addition to the zero-day vulnerability, the current security patch fixes dozens of other issues, including:

• CVE-2021-1722 (Denial of Service vulnerability in .NET Core and Visual Studio)

• CVE-2021-26701 (.NET Core vulnerability related to remote code execution);
• CVE-2021-1727 (Windows Installer privilege escalation vulnerability)
• CVE-2021-24106 (DirectX Information Disclosure Vulnerability).

It’s also worth noting that Microsoft’s February security patch includes fixes for three Windows TCP / IP stack vulnerabilities that were not yet known. Two of these vulnerabilities (CVE-2021-24074 and CVE-2021-24094) could be used for remote code execution, and the third (CVE-2021-24086) could be used to cause system failures. To avoid the problems that these vulnerabilities can bring, users should not delay installing the patch.

The distribution of the February Microsoft security patch has already begun. It will become available to all users soon.