Attackers Have Been Leveraging Microsoft Zero-Day for 18 Months

July 10, 2024 at 04:29PM

Threat actors exploited a zero-day bug (CVE-2024-38112), patched by Microsoft in its July 2024 security update, for at least 18 months before the fix shipped. The vulnerability lies in the MSHTML (Trident) engine behind Internet Explorer, and it still affects newer Windows systems such as Windows 10 and 11, where Edge is the default browser but the MSHTML engine remains on the system. Exploitation let attackers open attacker-controlled content in the retired browser and go on to deliver ransomware, spyware, or other malware. Check Point discovered concurrent campaigns targeting individuals in Vietnam and Turkey, and CISA added the vulnerability to its Known Exploited Vulnerabilities catalog. Microsoft also addressed a second exploited zero-day (CVE-2024-38080) in the same update.

Key takeaways:

– Threat actors may have been exploiting a zero-day bug (CVE-2024-38112), fixed in Microsoft’s July security update, for at least 18 months before the patch was released. The vulnerability sits in the MSHTML (Trident) engine used by Internet Explorer, and it also affects current Windows 10 and 11 systems where Edge is the default browser, because the engine is still present even though IE itself is retired.
– The exploit abuses Internet Shortcut (.url) files to open an attacker-controlled URL in the legacy browser engine rather than Edge, which can lead to the execution of ransomware, spyware, or other arbitrary code on the victim’s machine.
– Check Point has observed at least two different threat actors exploiting the vulnerability in concurrent campaigns targeting individuals in Vietnam and Turkey; one campaign deployed the Atlantida information stealer on compromised machines.
– The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-38112 to its Known Exploited Vulnerabilities (KEV) catalog and has urged organizations to apply Microsoft’s fix or mitigations.
– Microsoft’s July update fixes 139 vulnerabilities in total, more CVEs than the company’s May and June updates combined.
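Because the lure in these campaigns is a Windows Internet Shortcut (.url) file whose URL= line points at attacker-controlled content, a quick triage check is to parse .url files and flag anything that does not look like an ordinary browser-created shortcut. The script below is an added example written for this page, not code from Check Point, Microsoft, or the article. The two sample files are constructed, the `mhtml:` check reflects Check Point’s public description of the CVE-2024-38112 technique (forcing the target to open in Internet Explorer via the MHTML protocol handler) rather than anything stated in this summary, and the double-extension heuristic (a document extension such as `.pdf` before `.url`) is this example’s own choice.

```python
"""Triage Windows Internet Shortcut (.url) files for IE-forcing protocol handlers.

Added example for this page; sample inputs are constructed, not real campaign files.
"""
import configparser
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

# Schemes a shortcut saved from a normal browser session would carry.
EXPECTED_SCHEMES = {"http", "https"}

# Heuristic for this example: document extensions an attacker might place
# before ".url" so Explorer shows something like "Books.pdf.url".
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

# Constructed benign shortcut: an https link, as a browser would write it.
BENIGN_URL = """[InternetShortcut]
URL=https://learn.microsoft.com/
IconIndex=0
"""

# Constructed suspicious shortcut: the mhtml: handler (the IE-forcing trick
# described in Check Point's public research) plus a borrowed PDF-viewer icon.
SUSPICIOUS_URL = """[InternetShortcut]
URL=mhtml:http://example.invalid/lure.html
ShowCommand=7
IconFile=C:\\Program Files\\Adobe\\Acrobat\\Acrobat.exe
IconIndex=1
"""


@dataclass
class Finding:
    filename: str
    url: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_url_file(text: str) -> Optional[str]:
    """Return the URL= value from the [InternetShortcut] section, or None.

    .url files are INI-style; interpolation is disabled so '%' in URLs is safe,
    and strict=False tolerates duplicated keys seen in hand-crafted files.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        return None
    # configparser lowercases option names, so the key is "url".
    return cp["InternetShortcut"].get("url")


def triage(filename: str, text: str) -> Finding:
    """Apply the scheme and double-extension heuristics to one .url file."""
    url = parse_url_file(text) or ""
    finding = Finding(filename, url)
    if not url:
        finding.reasons.append("no URL= in [InternetShortcut]")
        return finding

    scheme = urlsplit(url).scheme.lower()
    if scheme not in EXPECTED_SCHEMES:
        finding.reasons.append(f"unexpected scheme '{scheme}:'")
    if scheme == "mhtml":
        finding.reasons.append(
            "mhtml: handler opens the target in Internet Explorer "
            "(technique reported for CVE-2024-38112)"
        )

    lower = filename.lower()
    stem = lower[:-4] if lower.endswith(".url") else lower
    for ext in sorted(DOC_EXTS):
        if stem.endswith(ext):
            finding.reasons.append(f"document extension '{ext}' before .url")
    return finding


if __name__ == "__main__":
    for name, body in (("notes.url", BENIGN_URL), ("Books.pdf.url", SUSPICIOUS_URL)):
        result = triage(name, body)
        verdict = "SUSPICIOUS" if result.suspicious else "ok"
        print(f"{name}: {verdict} {result.reasons}")
```

Run it over a directory of .url files by reading each file’s text into `triage()`; a shortcut with any non-http(s) scheme deserves a look regardless of this specific CVE, since ordinary users rarely save shortcuts to exotic protocol handlers.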
