Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.
The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’
It allows local attackers to elevate their privileges to the admin level by triggering a use-after-free condition in the win32k.sys core kernel component.
Read more…
Source: Bleeping Computer