VTA-00358 – CVE-2021-1732: Local Privilege Escalation Vulnerability in Windows Win32k
1. Apply the latest applicable patch for Windows OS and Windows 2019 servers by referring to this link.
2. Keep Microsoft Defender up to date.
3. Configure the IOC information provided below into your current network, perimeter and endpoint threat defense mechanisms, e.g. Endpoint Advanced Threat Protection (ATP), Network Firewall, Web Application Firewall (WAF), Email and Web Content Filtering Policies, where applicable.
4. Download and install OTX Endpoint Security, subscribe to Provintell-Lab’s OTX pulses, and scan endpoints for the presence of IOCs.
Microsoft has released a security advisory for a vulnerability in Microsoft Win32k, tracked as CVE-2021-1732. By exploiting this vulnerability, an attacker can take control of an infected system locally through privilege escalation. The vulnerability lets a non-admin user elevate themselves to system-level access.
Exploitation for Privilege Escalation
Indicator of Compromise (IOC) Detection:
Contributed by: Mr22k