Tag Microsoft

Google Unveils Unpatched and Poorly Fixed Windows 0-Day Vulnerability

Dec 24, 2020

Google’s Project Zero team has disclosed details about a poorly addressed zero-day security flaw in the Windows print spooler API, potentially allowing malicious actors to execute arbitrary code. The flaw was made public after Microsoft failed to resolve it within 90 days of responsible disclosure on September 24. Initially identified as CVE-2020-0986, the vulnerability involves an elevation of privilege exploit in the GDI Print / Print Spooler API (“splwow64.exe”) reported to Microsoft by an anonymous user collaborating with Trend Micro’s Zero Day Initiative (ZDI) in late December 2019. With no patch provided for nearly six months, ZDI publicly issued a zero-day advisory on May 19, which led to exploitation in a campaign known as “Operation PowerFall” targeting an unnamed South Korean company. “splwow64.exe” is a core Windows system binary that facilitates 32-bit application compatibility.

Google Exposes Unpatched Windows Zero-Day Vulnerability On December 24, 2020, Google’s Project Zero disclosed details about a critical yet poorly patched zero-day vulnerability within the Windows print spooler API. This flaw opens the door for malicious actors to execute arbitrary code, creating significant risks for affected systems. The decision to…

Read More

Google Unveils Unpatched and Poorly Fixed Windows 0-Day Vulnerability

Dec 24, 2020

Google’s Project Zero team has disclosed details about a poorly addressed zero-day security flaw in the Windows print spooler API, potentially allowing malicious actors to execute arbitrary code. The flaw was made public after Microsoft failed to resolve it within 90 days of responsible disclosure on September 24. Initially identified as CVE-2020-0986, the vulnerability involves an elevation of privilege exploit in the GDI Print / Print Spooler API (“splwow64.exe”) reported to Microsoft by an anonymous user collaborating with Trend Micro’s Zero Day Initiative (ZDI) in late December 2019. With no patch provided for nearly six months, ZDI publicly issued a zero-day advisory on May 19, which led to exploitation in a campaign known as “Operation PowerFall” targeting an unnamed South Korean company. “splwow64.exe” is a core Windows system binary that facilitates 32-bit application compatibility.

Microsoft Releases Patches for Active 0-Day Vulnerability and 55 Other Windows Flaws

On February 10, 2021, Microsoft addressed a total of 56 vulnerabilities, including a critical 0-day exploit that is currently being targeted in the wild. Among these, 11 vulnerabilities are classified as Critical, 43 as Important, and 2 as Moderate in severity, with six being previously disclosed. The updates enhance security across various platforms, including .NET Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for Android, Microsoft Exchange Server, Microsoft Office, Windows Codecs Library, Skype for Business, Visual Studio, Windows Defender, and key system components such as Kernel, TCP/IP, Print Spooler, and Remote Procedure Call (RPC).

The most critical vulnerability addressed is a Windows Win32k privilege escalation issue (CVE-2021-1732, CVSS score 7.8), which could allow attackers with access to a system to execute malicious code with elevated privileges. Microsoft acknowledges the contributions of JinQuan, MaDongZe, TuXiaoYi, and LiHao from DBAPPSecurity in identifying this vulnerability.

Microsoft Releases Security Updates Addressing 0-Day Vulnerability and 55 Additional Windows Flaws On February 10, 2021, Microsoft rolled out critical updates targeting 56 vulnerabilities, among which is a severe exploit that is currently being actively utilized in cyber-attacks. The updates categorize 11 vulnerabilities as Critical, 43 as Important, and 2…

Read More

Microsoft Releases Patches for Active 0-Day Vulnerability and 55 Other Windows Flaws

On February 10, 2021, Microsoft addressed a total of 56 vulnerabilities, including a critical 0-day exploit that is currently being targeted in the wild. Among these, 11 vulnerabilities are classified as Critical, 43 as Important, and 2 as Moderate in severity, with six being previously disclosed. The updates enhance security across various platforms, including .NET Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for Android, Microsoft Exchange Server, Microsoft Office, Windows Codecs Library, Skype for Business, Visual Studio, Windows Defender, and key system components such as Kernel, TCP/IP, Print Spooler, and Remote Procedure Call (RPC).

The most critical vulnerability addressed is a Windows Win32k privilege escalation issue (CVE-2021-1732, CVSS score 7.8), which could allow attackers with access to a system to execute malicious code with elevated privileges. Microsoft acknowledges the contributions of JinQuan, MaDongZe, TuXiaoYi, and LiHao from DBAPPSecurity in identifying this vulnerability.

Russian Group EncryptHub Utilizes MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware

August 16, 2025
Malware / Vulnerability

The cybercriminal organization known as EncryptHub is continuing to take advantage of a recently patched vulnerability in Microsoft Windows to deliver harmful payloads. Trustwave SpiderLabs has reported observing an EncryptHub campaign that combines social engineering tactics with the exploitation of a flaw in the Microsoft Management Console (MMC) framework (CVE-2025-26633, also referred to as MSC EvilTwin), initiating the infection process through a malicious Microsoft Console (MSC) file. According to Trustwave researchers Nathaniel Morales and Nikita Kazymirskyi, “These actions are part of a larger, ongoing wave of malicious activity blending social engineering with technical exploitation to circumvent security defenses and gain control of internal networks.” EncryptHub, also recognized as LARVA-208 and Water Gamayun, is a Russian hacking group that first emerged in mid-2024. Operating at a high pace, this financially motivated team is known for using various strategies, including fraudulent job postings…

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware On August 16, 2025, reports emerged that the Russian cybercriminal group known as EncryptHub is actively leveraging a recently patched vulnerability in Microsoft Windows to propagate malware. This group, also referred to as LARVA-208 and Water Gamayun, has…

Read More

Russian Group EncryptHub Utilizes MSC EvilTwin Vulnerability to Distribute Fickle Stealer Malware

August 16, 2025
Malware / Vulnerability

The cybercriminal organization known as EncryptHub is continuing to take advantage of a recently patched vulnerability in Microsoft Windows to deliver harmful payloads. Trustwave SpiderLabs has reported observing an EncryptHub campaign that combines social engineering tactics with the exploitation of a flaw in the Microsoft Management Console (MMC) framework (CVE-2025-26633, also referred to as MSC EvilTwin), initiating the infection process through a malicious Microsoft Console (MSC) file. According to Trustwave researchers Nathaniel Morales and Nikita Kazymirskyi, “These actions are part of a larger, ongoing wave of malicious activity blending social engineering with technical exploitation to circumvent security defenses and gain control of internal networks.” EncryptHub, also recognized as LARVA-208 and Water Gamayun, is a Russian hacking group that first emerged in mid-2024. Operating at a high pace, this financially motivated team is known for using various strategies, including fraudulent job postings…

Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.

New Chrome Zero-Day Vulnerability Under Active Exploitation—Update Your Browser Immediately March 3, 2021 In a critical update, Google has announced the release of patches for a newly identified zero-day vulnerability within its Chrome web browser, which is reportedly being actively targeted by attackers. This follows just a month after the…

Read More

Urgent: New Chrome 0-Day Vulnerability Under Active Exploitation – Update Your Browser Immediately!

On March 3, 2021, just a month after addressing an actively exploited zero-day flaw, Google has released updates for another critical vulnerability in Chrome, which is reportedly being targeted by attackers. The latest version, Chrome 89.0.4389.72, available for Windows, Mac, and Linux, includes a total of 47 security enhancements. The most severe issue addresses an “object lifecycle problem in audio,” tracked as CVE-2021-21166. This vulnerability was among two reported by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. A separate audio-related object lifecycle flaw was reported to Google on February 4, coinciding with the launch of Chrome 88. Though details are limited, it’s unclear whether the two issues are interconnected. Google has confirmed the existence of exploits in the wild but hasn’t provided further specifics. Users are urged to update their browsers without delay.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.

URGENT: Four Actively Exploited 0-Day Vulnerabilities Discovered in Microsoft Exchange On March 3, 2021, Microsoft announced emergency patches to address four critical security vulnerabilities in its Exchange Server. These vulnerabilities, which were previously undisclosed, are reportedly being exploited by a state-sponsored threat actor from China, leading to significant concerns regarding…

Read More

URGENT: Four Actively Exploited 0-Day Vulnerabilities Found in Microsoft Exchange Server

March 3, 2021

Microsoft has issued emergency patches for four previously undisclosed security vulnerabilities in Exchange Server that are currently being exploited by a new state-sponsored threat actor from China, aimed at data theft. The Microsoft Threat Intelligence Center (MSTIC) describes these attacks as “limited and targeted,” revealing that the adversary exploited these vulnerabilities to gain access to on-premises Exchange servers, allowing them to infiltrate email accounts and install malware for prolonged access to the victim’s environment. Microsoft confidently attributes this campaign to a group known as HAFNIUM, a sophisticated state-sponsored hacker collective based in China, while also suggesting the potential involvement of other groups. In discussing HAFNIUM’s tactics, techniques, and procedures (TTPs), Microsoft highlights the group’s high level of skill and sophistication.

NSA Identifies New Vulnerabilities in Microsoft Exchange Servers

April 14, 2021

In its April update, Microsoft addressed a total of 114 security vulnerabilities, including one actively exploited zero-day flaw and four remote code execution issues within Exchange Server. Among these vulnerabilities, 19 are classified as Critical, 88 as Important, and one as Moderate. Notably, CVE-2021-28310 is a privilege escalation vulnerability within Win32k, currently under active exploitation, allowing attackers to execute malicious code and gain elevated privileges on affected systems. Cybersecurity firm Kaspersky, which reported the flaw to Microsoft in February, connected the zero-day exploit to the Bitter APT group, known for utilizing a similar vulnerability (CVE-2021-1732) in attacks last year. “This is an escalation of privilege (EoP) exploit likely used in conjunction with other browser exploits to bypass sandboxes or obtain system privileges for further access,” explained Kaspersky researcher Boris Larin.

NSA Uncovers New Vulnerabilities Impacting Microsoft Exchange Servers April 14, 2021 In a recent wave of updates, Microsoft addressed a total of 114 security vulnerabilities, prominent among them being a zero-day exploit and multiple remote code execution issues affecting Microsoft Exchange Servers. This April patch release is significant, as it…

Read More

NSA Identifies New Vulnerabilities in Microsoft Exchange Servers

April 14, 2021

In its April update, Microsoft addressed a total of 114 security vulnerabilities, including one actively exploited zero-day flaw and four remote code execution issues within Exchange Server. Among these vulnerabilities, 19 are classified as Critical, 88 as Important, and one as Moderate. Notably, CVE-2021-28310 is a privilege escalation vulnerability within Win32k, currently under active exploitation, allowing attackers to execute malicious code and gain elevated privileges on affected systems. Cybersecurity firm Kaspersky, which reported the flaw to Microsoft in February, connected the zero-day exploit to the Bitter APT group, known for utilizing a similar vulnerability (CVE-2021-1732) in attacks last year. “This is an escalation of privilege (EoP) exploit likely used in conjunction with other browser exploits to bypass sandboxes or obtain system privileges for further access,” explained Kaspersky researcher Boris Larin.

Microsoft Releases Urgent Update to Address ASP.NET Vulnerability on macOS and Linux

Microsoft has issued an emergency patch to address a critical vulnerability in its ASP.NET Core framework, which could allow unauthenticated attackers to gain SYSTEM-level privileges on devices running Linux or macOS applications. This vulnerability, identified as CVE-2026-40372, impacts versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package, an essential component…

Read MoreMicrosoft Releases Urgent Update to Address ASP.NET Vulnerability on macOS and Linux

Harvester APT Expands Surveillance Efforts with New GoGra Linux Malware

A nation-state-sponsored Advanced Persistent Threat (APT) group known as Harvester has allegedly developed a new backdoor dubbed GoGra, designed to infiltrate and monitor Linux systems in India and Afghanistan. This group has been active since at least June 2021 and initially targeted Windows platforms primarily across South Asia, but recent…

Read MoreHarvester APT Expands Surveillance Efforts with New GoGra Linux Malware

Yesterday’s Vulnerabilities Are Tomorrow’s Challenges

June 03, 2021

Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.

With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.

Recurring Vulnerabilities: A Persistent Challenge in Cybersecurity June 3, 2021 Software vulnerabilities continue to plague organizations across the globe, as evidenced by the fact that Microsoft has addressed between 55 and 110 vulnerabilities every month this year. Alarmingly, 7% to 17% of these identified vulnerabilities have been classified as critical,…

Read More

Yesterday’s Vulnerabilities Are Tomorrow’s Challenges

June 03, 2021

Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.

With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.