{"id":39352,"date":"2021-04-14T10:38:05","date_gmt":"2021-04-14T14:38:05","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=39352"},"modified":"2021-04-14T10:38:05","modified_gmt":"2021-04-14T14:38:05","slug":"cve-2021-28310","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/cve-2021-28310\/39352\/","title":{"rendered":"CVE-2021-28310: A broken window"},"content":{"rendered":"<p>Kaspersky researchers <a href=\"https:\/\/securelist.com\/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild\/101898\/\" target=\"_blank\" rel=\"noopener\">have found<\/a> a zero-day vulnerability (CVE-2021-28310) in a Microsoft Windows component called Desktop Window Manager (DWM). We believe several threat actors have already exploited the vulnerability. Microsoft just released the patch, and we suggest applying it immediately. Here\u2019s why.<\/p>\n<h2>What is Desktop Window Manager?<\/h2>\n<p>Pretty much everyone is familiar with the windowed interface of modern operating systems: each program opening in a separate window that doesn\u2019t necessarily take up the whole screen. Windows may overlap, for example, one casting a shadow over others as if it were physically blocking the light. In Microsoft Windows, the component responsible for rendering features such as shadows and transparency is Desktop Window Manager.<\/p>\n<p>To understand why Desktop Window Manager is important in a cybersecurity context, consider that programs don\u2019t just draw their windows on the screen; they put the necessary information in a buffer. Desktop Window Manager grabs that information from each program\u2019s buffer and creates the overall composite view that the user sees. When a user moves one window over another, the open programs don\u2019t know anything about whether their windows should be casting a shadow or having a shadow cast on them, for example. 
Desktop Window Manager does that job, and as such it is a key service in Windows that has existed in every version of Windows since Vista \u2014 and cannot be deactivated in Windows 8 or later versions.<\/p>\n<h2>Desktop Window Manager\u2019s vulnerability<\/h2>\n<p>The vulnerability our advanced exploit prevention technology discovered is an <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/privilege-escalation\/\" target=\"_blank\" rel=\"noopener\">elevation of privilege<\/a> vulnerability. That means a program can trick Desktop Window Manager into giving it access that it shouldn\u2019t have. In this case, the vulnerability allowed the attackers to execute arbitrary code on victims\u2019 machines \u2014 it essentially gave them full control over the computers.<\/p>\n<h2>How to avoid CVE-2021-28310 exploitation<\/h2>\n<p>It\u2019s critical to act quickly. Here\u2019s what you can do:<\/p>\n<ul>\n<li>Install the <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-28310\" target=\"_blank\" rel=\"nofollow noopener\">patches Microsoft released on April 13<\/a>, immediately and on all vulnerable computers;<\/li>\n<li>Protect all of your devices with a robust security solution such as <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Endpoint Security for Business<\/a>, whose advanced exploit prevention component blocks attempts to exploit CVE-2021-28310.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p> A zero-day vulnerability in Microsoft Windows may already have been 
exploited.<\/p>\n","protected":false},"author":2581,"featured_media":39353,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,5,3052,2683],"tags":[1343,3060,1171,38,268,113],"class_list":{"0":"post-39352","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-news","9":"category-smb","10":"category-threats","11":"tag-0days","12":"tag-cve","13":"tag-exploits","14":"tag-microsoft","15":"tag-vulnerabilities","16":"tag-windows"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cve-2021-28310\/39352\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2021-28310\/22719\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2021-28310\/18200\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/cve-2021-28310\/9036\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cve-2021-28310\/24553\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2021-28310\/22581\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cve-2021-28310\/21634\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cve-2021-28310\/25057\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cve-2021-28310\/24383\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2021-28310\/30513\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cve-2021-28310\/9524\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cve-2021-28310\/16754\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cve-2021-28310\/17310\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cve-2021-28310\/26518\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/cve-2021-28310\/30464\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cve-2021-
28310\/26903\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2021-28310\/23747\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2021-28310\/29092\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2021-28310\/28890\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/39352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=39352"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/39352\/revisions"}],"predecessor-version":[{"id":39355,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/39352\/revisions\/39355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/39353"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=39352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=39352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=39352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}