Researchers have discovered a zero-day exploit for Microsoft Windows that was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat (APT) espionage campaign. The exploit chain ended with a freshly discovered remote access trojan (RAT) dubbed MysterySnail being installed on compromised servers, with the goal of stealing data. Microsoft patched the bug (CVE-2021-40449) in its October Patch Tuesday updates, issued this week. The issue lurks in the Win32k kernel driver, a use-after-free vulnerability.”]
Source: https://threatpost.com/windows-zero-day-exploited-espionage/175432/