The flaw was first reported to Microsoft in 2019, but at the time it said it did not consider the issue to be a vulnerability.
Researchers believe that attackers behind the Anchor malware, the Trickbot gang, have ceased Trickbot operations are instead focusing on deploying stealthier versions of other malware families.
Researchers have uncovered malware samples that are targeting a local privilege escalation flaw in Windows Installer.
Attackers exploiting the CVE-2021-40444 Windows flaw used infrastructure also known to be associated with a ransomware group.
Microsoft has released an emergency patch for the PrintNightmare CVE-2021-34527 vulnerability in Windows.