Magnitude Exploit Kit Targeting Chromium Browser & Windows Vulnerabilities

Background

Security researchers have observed a significant shift in tactics from the Magnitude Exploit Kit (EK) this week with the addition of exploits for Chromium-based browsers and Microsoft Windows. Exploit kits are web applications that threat actors install on compromised websites. They detect the visitor's browser and, if it is determined to be vulnerable, launch a web-based exploit to infect the victim's computer with malware.

Exploit kits have a long history of use by threat actors in drive-by attacks that infect victims who visit a compromised website, and they were most prevalent from 2010 to 2017. In recent years, exploit kit development has dropped off, and the active kits have mainly focused on targeting Internet Explorer users, since exploits for that browser are easier to develop. The addition of exploits for Chromium-based browsers opens up the Magnitude EK victim pool to now include users of Google Chrome and Microsoft Edge.

| CVE ID | CVSS Score V3 | CVSS Criticality | Type | Description |
| --- | --- | --- | --- | --- |
| CVE-2021-21224 | 8.8 | High | Remote Code Execution | A vulnerability that exists in Chromium based browsers that can lead to remote code execution. |
| CVE-2021-31956 | 7.8 | High | Privilege Escalation | A vulnerability in Windows can lead to elevation of privileges. |

Analysis

CVE-2021-31956

CVE-2021-31956 is a privilege escalation vulnerability in the Windows New Technology File System (NTFS) that could allow a local user to elevate their privileges on an affected system. A local user could use this vulnerability with a crafted application to take control of a system. This vulnerability affects all currently supported Windows variants, including Windows Server and Windows Server Core installations. Microsoft notes that this flaw has been actively exploited in the wild as a zero-day vulnerability. Kaspersky researchers are credited with the finding and linked this vulnerability to an attack chain from the PuzzleMaker Group, which includes the use of an unidentified Google Chrome zero-day vulnerability.

CVE-2021-21224

On April 20, 2021, CVE-2021-21224 was issued for a type confusion in V8 in Google Chrome that could have allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. As with CVE-2021-31956, Kaspersky researchers linked CVE-2021-21224 to an attack chain from the PuzzleMaker Group in the same security research article.

Solutions and Recommendations

Arctic Wolf's recommendation is to apply the patches for CVE-2021-21224 and CVE-2021-31956 to prevent remote code execution or privilege escalation scenarios in your environment. Details on how to apply these patches for your specific software can be found here:

| Affected Software | CVE | Patched Versions |
| --- | --- | --- |
| Google Chrome | CVE-2021-21224 | Google Chrome versions 90.0.4430.85 (April 20, 2021) or later have this vulnerability remediated. Note: We recommend applying updates for the latest stable release of Google Chrome here to remediate all known vulnerabilities. |
| Microsoft Edge | CVE-2021-21224 | Microsoft Edge 90.0.818.41 (April 22, 2021) or later have this vulnerability remediated. Note: We recommend applying updates for the latest stable release of Microsoft Edge here to remediate all known vulnerabilities. |
| Microsoft Windows | CVE-2021-31956 | All versions of Windows with the June 8, 2021 patch or later. Note: We recommend applying the latest Windows security updates from the October 2021 patch Tuesday release here to remediate all known vulnerabilities. |
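
The browser minimums above can be used to triage web proxy logs for clients still running a build exposed to CVE-2021-21224. The following is an added example, not Arctic Wolf's code; the tab-separated log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Minimum fixed builds for CVE-2021-21224, taken from the patched-versions list above.
PATCHED = {"Chrome": (90, 0, 4430, 85), "Edge": (90, 0, 818, 41)}
_TOKENS = (("Edge", re.compile(r"\bEdg/(\d+(?:\.\d+){1,3})")),  # Edge also sends Chrome/, so try Edg/ first
           ("Chrome", re.compile(r"\bChrome/(\d+(?:\.\d+){1,3})")))


def parse_version(text):
    """'90.0.4430.212' -> (90, 0, 4430, 212), so parts compare as integers, not strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def browser_from_ua(user_agent):
    """Return (product, version tuple), or None for agents without a Chromium token."""
    for product, pattern in _TOKENS:
        match = pattern.search(user_agent)
        if match:
            return product, parse_version(match.group(1))
    return None


def unpatched_clients(log_lines):
    """Return sorted (client, product, version) below the patched build.

    Assumed (hypothetical) line layout: client<TAB>url<TAB>user-agent.
    """
    findings = set()
    for line in log_lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 3:
            continue  # skip malformed records
        found = browser_from_ua(fields[2])
        if found and found[1] < PATCHED[found[0]]:
            findings.add((fields[0], found[0], ".".join(map(str, found[1]))))
    return sorted(findings)


# Constructed sample log lines (not real traffic).
_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
SAMPLE_LOG = [
    "10.0.0.11\thttp://example.test/\t" + _UA + "Chrome/89.0.4389.114 Safari/537.36",
    "10.0.0.12\thttp://example.test/\t" + _UA + "Chrome/90.0.4430.212 Safari/537.36",
    "10.0.0.13\thttp://example.test/\t" + _UA + "Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.39",
    "10.0.0.14\thttp://example.test/\t" + _UA + "Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.41",
    "10.0.0.15\thttp://example.test/\tcurl/7.76.1",
]

if __name__ == "__main__":
    for client, product, version in unpatched_clients(SAMPLE_LOG):
        print(f"{client}\t{product} {version} is below the patched build")
```

User-Agent strings are client-supplied, so treat the output as a triage list to confirm against software inventory. The Windows fix for CVE-2021-31956 is not visible in browser traffic and has to be verified from patch records.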

About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.