Rewterz

Rewterz Threat Alert – Donot APT Group – Active IOCs

February 23, 2022
Rewterz

Rewterz Threat Advisory – CVE-2021-35244 – SolarWinds Orion Zero-Day Vulnerability

February 23, 2022

Rewterz Threat Advisory – CVE-2022-21988 – Microsoft Office Zero-Day Vulnerability

Severity

High

Analysis Summary

CVE-2022-21988

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of EMR_DELETEOBJECT records in EMF images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

Impact

  • Remote Code Execution

Indicators of Compromise

CVE

  • CVE-2022-21988

Affected Vendors

Microsoft

Affected Products

  • Office Visio

Remediation

To update the patch to this vulnerability, visit:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21988

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.