Kaspersky researchers have identified multiple threat groups using an exploit for the new CVE-2024-30051 vulnerability, including the notorious QakBot malware and the Cobalt Strike beacon. This exploit, which targets a privilege escalation flaw, allows attackers to gain full system control once malware has been executed on a computer.
Moreover, another vulnerability has been detected in the wild, affecting the Windows MSHTML platform and allowing attackers to bypass Microsoft Object Linking & Embedding (OLE) defenses in Microsoft 365 and Office. OLE enables Office documents to include links to external objects and documents, which can be exploited by cybercriminals using techniques like OLE template injection to execute malicious code.
To exploit this second vulnerability (CVE-2024-30040), an attacker would need to trick a user into loading a malicious file onto a vulnerable system, often through deceptive emails or instant messages. Microsoft has categorized this vulnerability as “exploited” and the US Cybersecurity and Infrastructure Security Agency (CISA) has included it in its Known Exploited Vulnerabilities catalog.
As cyber threats continue to evolve, it is crucial for individuals and organizations to stay vigilant and implement security measures to protect against these exploits. Microsoft’s advisory for CVE-2024-30040 underscores the importance of being cautious with file downloads from the internet and avoiding manipulation of suspicious files.
Overall, the discovery of these vulnerabilities underscores the ongoing cat-and-mouse game between cybercriminals and security researchers. With threat actors constantly evolving their tactics, it is essential for the cybersecurity community to work together to identify and mitigate these vulnerabilities before they can be leveraged for malicious purposes. The proactive efforts of researchers like those at Kaspersky play a crucial role in safeguarding digital systems and data from growing cyber threats.