It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access. We believe this exploit is used in the wild, potentially by several threat actors. Microsoft released a patch to this vulnerability as a part of its April security updates. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310. While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. Kaspersky Advanced Cyber Incident Communications.KasperskyEndpoint Detection and Response.
