Microsoft has released patches for several critical security flaws in the Windows 10 operating system as part of its security update on Tuesday, and two of those flaws have been actively exploited by cybercriminals.
The two flaws were discovered by the cybersecurity company Kaspersky, which said in a statement that both were zero-day vulnerabilities, that is, vulnerabilities unknown to manufacturers and/or developers.
The first, CVE-2021-31955, is in ntoskrnl.exe, an element of the Windows kernel, and allowed cybercriminals to access restricted information on the system.
The second vulnerability, CVE-2021-31956, allowed attackers to perform an elevation of privilege and gain sensitive Windows permissions through a mechanism known as a buffer overrun. The vulnerable code is in ntfs.sys, in a function that handles the extended attributes of a file and buffers them.
The security flaws, which Microsoft patched this Tuesday in its security updates for the first Patch Tuesday of June, are part of a campaign of zero-day exploits by a new group of cybercriminals known as PuzzleMaker, which has also affected Google's Chrome browser.
Cybercriminals have exploited critical vulnerabilities in Windows 10 to inject a total of four malware modules into system processes and run them.
Ultimately, the malware installs a Windows shell that is capable of downloading and uploading files, creating processes, idling indefinitely, and even killing itself.