Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign

Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.

Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers.

Microsoft reported a total of 74 vulnerabilities, three of which are rated critical.

MysterySnail Exploits Win32K Bug

Security researchers pointed to CVE-2021-40449, an elevation of privilege vulnerability in Win32k, as standing out from the crowd of patches, given that It’s been exploited in the wild as a zero-day.

This summer, Kaspersky researchers discovered that the exploit was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat (APT) campaign from the APT IronHusky.

The exploit chain ended with a freshly discovered remote access trojan (RAT) dubbed MysterySnail being installed on compromised servers, with the goal of stealing data.

Bharat Jogi, Qualsys senior manager of vulnerability and threat research, told Threatpost on Tuesday that if left unpatched, “MysterySnail has the

Read More: