PuzzleMaker using Chrome zero-day exploit to get into your Windows PC

Threat Level – Red | Vulnerability Report

For a detailed advisory, download the pdf file here.

A chain of zero-day vulnerabilities is being used by a new threat actor, PuzzleMaker. PuzzleMaker uses a Chrome V8 type confusion vulnerability (CVE-2021-21224), which allows an attacker to execute arbitrary code via a crafted HTML page. PuzzleMaker then uses an elevation of privilege (EoP) exploit to get into Windows 10, combining an information disclosure vulnerability (CVE-2021-31955) with a heap buffer overflow vulnerability (CVE-2021-31956).

The techniques used by PuzzleMaker include:

T1543 – Create or Modify System Process
T1189 – Drive-by Compromise
T1059 – Command and Scripting Interpreter
T1055 – Process Injection
T1134 – Access Token Manipulation
T1057 – Process Discovery
T1203 – Exploitation for Client Execution
T1215 – Kernel Modules and Extensions

Vulnerability Details

Indicators of Compromise

Type          Value
Files         %SYSTEM%\WmiPrvMon.exe
              %SYSTEM%\wmimon.dll
MD5 Hash      09a5055db44fc1c9e3add608efff038c
              d6b850c950379d5ee0f254f7164833e8
SHA-1 Hash    bffa4462901b74dbfbffaa3a3db27daa61211412
              e63ed3b56a5f9a1ea5c92d3d2444196ea13be94b
SHA-256 Hash  982f7c4700c75b81833d5d59ad29147c392b20c760fe36b200b541a0f841c8a9
              8a17279ba26c8fbe6966ea3300fdefb1adae1b3ed68f76a7fc81413bd8c1a5f6
Domain        media-seoengine.com
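As an added example (not part of the HivePro advisory or the referenced Securelist report), the following Python script turns the IoC table above into a defensive check: it hashes every file under a given directory with MD5, SHA-1 and SHA-256 and compares against the listed digests, flags the two dropped file names, and matches DNS log lines against the listed domain (including subdomains). The sample DNS log lines are constructed; the default scan root (%SystemRoot%\System32) and the key=value log-line format are assumptions, so adapt them to your own telemetry.

```python
import hashlib
import os
import re
import sys

# Indicators of compromise exactly as listed in the advisory's table.
IOC_HASHES = {
    "md5": {
        "09a5055db44fc1c9e3add608efff038c",
        "d6b850c950379d5ee0f254f7164833e8",
    },
    "sha1": {
        "bffa4462901b74dbfbffaa3a3db27daa61211412",
        "e63ed3b56a5f9a1ea5c92d3d2444196ea13be94b",
    },
    "sha256": {
        "982f7c4700c75b81833d5d59ad29147c392b20c760fe36b200b541a0f841c8a9",
        "8a17279ba26c8fbe6966ea3300fdefb1adae1b3ed68f76a7fc81413bd8c1a5f6",
    },
}
IOC_FILENAMES = {"wmiprvmon.exe", "wmimon.dll"}   # dropped into %SYSTEM%
IOC_DOMAINS = {"media-seoengine.com"}


def basename_lower(path):
    """Last path component, lower-cased; accepts both Windows and POSIX separators."""
    return path.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1].lower()


def hash_bytes(data):
    """Compute the three digests the advisory lists, keyed by algorithm name."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests):
    """Return the (algorithm, digest) pairs that appear in the IoC hash sets."""
    return sorted(
        (algo, d.lower()) for algo, d in digests.items()
        if d.lower() in IOC_HASHES.get(algo, set())
    )


def scan_bytes(path, data):
    """Scan one file's name and content; returns a finding dict, or None if clean."""
    name_hit = basename_lower(path) in IOC_FILENAMES
    hash_hits = match_hashes(hash_bytes(data))
    if not name_hit and not hash_hits:
        return None
    return {"path": path, "name_match": name_hit, "hash_matches": hash_hits}


def scan_tree(root):
    """Walk a directory and return findings for every file matching a name or hash IoC."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or locked file: skip it rather than abort the scan
            finding = scan_bytes(full, data)
            if finding:
                findings.append(finding)
    return findings


def domain_hits(log_lines):
    """Return log lines in which some token equals the IoC domain or is a subdomain of it."""
    hits = []
    for line in log_lines:
        for token in re.split(r"[\s=,;\"']+", line):
            host = token.lower().rstrip(".")   # tolerate a trailing dot (FQDN form)
            if any(host == d or host.endswith("." + d) for d in IOC_DOMAINS):
                hits.append(line)
                break
    return hits


# Constructed sample DNS log lines (not real telemetry) used to exercise domain_hits().
SAMPLE_DNS_LOG = [
    "2021-06-08T10:00:01Z client=10.0.0.5 query=media-seoengine.com type=A",
    "2021-06-08T10:00:02Z client=10.0.0.6 query=www.example.com type=A",
    "2021-06-08T10:00:03Z client=10.0.0.7 query=cdn.media-seoengine.com. type=AAAA",
]


if __name__ == "__main__":
    # Assumed default: scan the System32 directory unless paths are given on the command line.
    roots = sys.argv[1:] or [os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")]
    for root in roots:
        for finding in scan_tree(root):
            print("file IoC hit:", finding)
    for line in domain_hits(SAMPLE_DNS_LOG):
        print("DNS IoC hit:", line)
```

A file-name match alone is a weak signal (the dropper names could collide with legitimate software), so treat a hash match as the confirming indicator and a name-only match as a prompt to pull the file for analysis.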

Patch Links

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html

References

https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/

https://otx.alienvault.com/pulse/60c088d3fd6e59ee86c1b78b
