Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign

Microsoft’s October Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.

Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers.

Microsoft reported a total of 74 vulnerabilities, three of which are rated critical.

MysterySnail Win32K Bug

Security researchers pointed to CVE-2021-40449, an elevation of privilege vulnerability in Win32k, as standing out from the crowd of patches, given that it’s been exploited in the wild as a zero-day.

This summer, Kaspersky researchers discovered that the exploit was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat (APT) campaign from the APT IronHusky.

The exploit chain ended with a freshly discovered remote access trojan (RAT) dubbed MysterySnail being installed on compromised servers, with the goal of stealing data.

Bharat Jogi, Qualys senior manager of vulnerability and , told Threatpost on Tuesday that if left unpatched, “MysterySnail has the

Read More: https://threatpost.com/microsoft-patch-tuesday-bug-exploited-mysterysnail-espionage-campaign/175431/