Recently fixed Windows zero-day actively exploited since mid-2020

Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.

The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’

It allows local attackers to elevate their privileges to the admin level by triggering a use-after-free condition in the win32k.sys core kernel component.

Read more…
Source: Bleeping Computer