July 25, 2024 at 04:05PM
Check Point discovered CVE-2024-38112, a remote code execution vulnerability affecting Microsoft Windows and Windows Server. Threat actors exploit this via Internet Shortcut files and by disguising .hta applications as PDFs. CISA has categorized it as a high-severity risk and mandated updates for federal Windows systems by July 30. Organizations with inadequate endpoint and patch controls are particularly vulnerable.
Key Takeaways from the meeting notes:
1. A remote code execution vulnerability, tracked as CVE-2024-38112, was discovered by Check Point earlier this month. It affects Microsoft Windows users and various versions of Windows Server.
2. The attackers exploited this vulnerability using Windows Internet Shortcut files, which invoke the retired Internet Explorer to open a URL whose malicious file extension is hidden. Because the URL is opened in Internet Explorer rather than a more secure browser such as Chrome or Edge, the threat actors gain an advantage in exploiting the victim's device.
3. Another method the threat actors employ is to deceive the victim into believing they are opening a PDF file, when in fact they are downloading and executing a malicious .hta application.
4. The Cybersecurity and Infrastructure Security Agency (CISA) has added this high-severity vulnerability to its Known Exploited Vulnerabilities Catalog with a score of 7.5 due to its active exploitation. CISA has mandated that all Windows systems within federal agencies must be updated or shut down by July 30.
5. Research indicates that over 10% of the roughly 500,000 endpoints running Windows 10 and 11 are missing endpoint protection controls, and almost 9% lack patch management controls, leaving organizations with significant blind spots for attackers to exploit.
6. Although Microsoft issued a patch on July 9, some exploitation of this vulnerability dates back more than a year, underscoring the urgency for organizations to complete mitigation promptly.
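The two delivery tricks in takeaways 2 and 3 (a shortcut that hands its URL to a legacy protocol handler instead of the default browser, and an .hta target whose real extension is pushed out of view behind a document-looking name) can both be checked for on the endpoint side. The scanner below is an added illustration written for this summary, not code from Check Point, CISA or Microsoft. It assumes the standard INI-style layout of Windows .url files (a `[InternetShortcut]` section with a `URL=` key), and the sample shortcut contents are constructed for the example; the host `example.invalid` is a placeholder.

```python
"""Flag Windows Internet Shortcut (.url) files that use the delivery
tricks described above.  Added example; sample inputs are constructed."""
import re

# Extensions that execute when opened rather than being displayed.
EXECUTABLE_EXTS = {".hta", ".exe", ".vbs", ".js", ".wsf", ".scr", ".bat", ".cmd"}
# Extensions an attacker shows the user as the apparent file type.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
# Whitespace and control characters used to pad the real extension out of view.
PADDING_RE = re.compile(r"[\s\u00a0\u2000-\u200f\u2028\u2029\u202f\u205f\u3000\ufeff\x00-\x1f]+")
SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.-]*):")


def parse_url_file(text: str) -> dict:
    """Parse the INI-style .url format; return the keys of [InternetShortcut]."""
    section = None
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields


def last_component(target: str) -> str:
    """Final path component of the target (split on /, \\ and the MHTML '!' separator)."""
    return re.split(r"[\\/!]", target)[-1]


def target_extensions(target: str) -> list:
    """Chain of extensions on the last path component with padding removed,
    e.g. 'report.pdf<spaces>.hta' -> ['.pdf', '.hta']."""
    name = PADDING_RE.sub("", last_component(target))
    return ["." + p.lower() for p in name.split(".")[1:] if p]


def assess_shortcut(text: str) -> list:
    """Return human-readable findings for one .url file; empty list means no concern."""
    findings = []
    target = parse_url_file(text).get("url", "")
    if not target:
        return ["no URL field in [InternetShortcut] section"]

    # 1. Scheme: only http/https go to the default browser. Legacy handlers
    #    (mhtml: is the one used in CVE-2024-38112) are serviced by Internet Explorer.
    m = SCHEME_RE.match(target)
    scheme = m.group(1).lower() if m else ""
    if scheme not in ("http", "https"):
        findings.append(f"URL uses non-web scheme '{scheme or 'none'}' "
                        "(legacy protocol handlers are serviced by Internet Explorer)")

    # 2. Real extension of the target is executable, optionally behind a document extension.
    exts = target_extensions(target)
    if exts and exts[-1] in EXECUTABLE_EXTS:
        findings.append(f"target's real extension is {exts[-1]}, an executable type")
        if any(e in DOCUMENT_EXTS for e in exts[:-1]):
            findings.append("document-looking extension precedes the executable one")

    # 3. Padding characters inside the filename hide part of the name in file dialogs.
    if PADDING_RE.search(last_component(target)):
        findings.append("padding characters in target filename hide part of the name")
    return findings


# Constructed samples (not real indicators).
BENIGN = "[InternetShortcut]\nURL=https://example.invalid/docs/report.pdf\n"
SUSPICIOUS = ("[InternetShortcut]\n"
              "URL=mhtml:http://example.invalid/Books_Report.pdf" + " " * 20 + ".hta\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, assess_shortcut(sample) or "no findings")
```

In a deployment this would be run over user-writable locations such as download and mail-attachment folders, and each finding string maps naturally to a detection rule; the scheme check alone covers the Internet Explorer hand-off regardless of how the target filename is dressed up.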