PT-2021-2075 · Microsoft · Windows

Jinquan +4 · Published 2021-02-09 · Updated 2026-06-12 · CVE-2021-1732

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows (affected versions not specified)
Windows 10 versions prior to February 2021

Description

A memory buffer overflow and type confusion issue exists in the Win32k component of the Windows kernel. During the execution of the NtUserCreateWindowEx() function, an attacker can abuse a user-mode callback to confuse the win32k.sys driver regarding the cbWndExtra and pExtraBytes fields. This allows the SetWindowLongPtr() function to be used as an arbitrary kernel read/write primitive, enabling an attacker to overwrite the current process token with the SYSTEM token to gain full privileges. This issue has been actively exploited in the wild by the APT Bitter group and integrated into the Disco malware framework to facilitate privilege escalation. It was also observed in attacks targeting medical institutions to deploy cryptocurrency miners.

Recommendations

Update Windows 10 to the February 2021 security update or a newer version. For the other, unspecified Windows versions, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

Fix

DoS

LPE

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-00926
CVE-2021-1732

Affected Products

Windows