One-year-old Windows token kidnapping vulnerability remains unpatched and is now being exploited in malicious hacker attacks. This is one of those Microsoft-really-should-know-better moments, especially since they knew about the severity of the issue and the public release of proof-of-concept code that provided a roadmap for exploiting the flaw.
Source: https://threatpost.com/will-microsoft-ever-fix-token-kidnapping-flaw-031609/72413/