VERY IMPORTANT

While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, Kaspersky discovered another zero-day exploit, which they believe is linked to the same actor. Kaspersky reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310. Microsoft released a patch to this vulnerability as a part of its April security updates. Kaspersky believes this exploit is used in the wild, potentially by several threat actors.