Check Point researchers have disclosed a vulnerability in the Windows MSHTML platform, tracked as CVE-2024-38112, that affects Windows client systems and supported versions of Windows Server. Microsoft classifies it as a spoofing flaw rated 7.5 (Important) rather than Critical, but in the campaigns Check Point observed it was the first link in a chain that ends with code running on the victim's machine, which is why it has drawn so much attention from defenders.
The attackers exploiting it rely on a simple trick built around Windows Internet Shortcut (.url) files. The shortcut's URL field is crafted so that Windows hands the link to the retired Internet Explorer, whose MSHTML engine still ships with Windows, instead of to the default browser. Because IE lacks the protections that Chrome or Edge apply to a downloaded file, the attacker gets a much easier path from "user clicked a link" to "malicious file launched" on the victim's device.
The second stage is a file-type disguise. The page that IE opens serves an HTML Application (.hta), a format Windows executes as script rather than rendering as a document, with a file name made to look like a PDF. A user who believes they are opening a PDF actually runs attacker-controlled code. Neither trick is novel on its own; combining them is what let the campaign work against fully up-to-date machines until the patch.
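The two lure shapes above can be triaged mechanically. The following Python is an added example written for this page, not Check Point's tooling or anything from Microsoft. It parses a .url file (an INI-style file with an [InternetShortcut] section), flags a URL= value that begins with the mhtml: prefix (the detail Check Point published as the way the shortcut is forced into IE), flags a target that is itself an .hta, and checks file names for a displayed "safe" extension padded with whitespace ahead of the real one. The padding heuristic and its extension lists are assumptions chosen here, and both sample shortcuts and the sample file name are constructed, not real captured lures.

```python
"""Triage Windows Internet Shortcut (.url) bodies and downloaded file names.

Example code added for this article; not from Check Point or Microsoft.
All sample inputs below are constructed.
"""
import re
from configparser import ConfigParser
from typing import Dict, List, Optional

# Constructed samples: a benign shortcut and one that carries the mhtml:
# prefix that routes the target through the MSHTML/IE engine.
BENIGN_URL_FILE = """[InternetShortcut]
URL=https://www.example.com/report.html
IconIndex=0
"""

SUSPECT_URL_FILE = """[InternetShortcut]
URL=mhtml:https://www.example.com/invoice!x.htm
ShowCommand=7
IconFile=C:\\Windows\\System32\\SHELL32.dll
IconIndex=0
"""

# Constructed file name: looks like a PDF, padded with Unicode spaces, really .hta.
HTA_DISGUISED_NAME = "Books_Q4.pdf" + "\u2002" * 20 + ".hta"

# Heuristic (assumption): a displayed document-like extension, two or more
# whitespace-class characters (ASCII or Unicode space variants), then the
# extension Windows will actually honour.
PADDED_EXT_RE = re.compile(
    r"\.(?P<shown>pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)"
    r"[\s\u2000-\u200b\u3000]{2,}"
    r"\.(?P<real>hta|exe|scr|js|jse|vbs|vbe|wsf|bat|cmd|ps1|lnk|url)$",
    re.IGNORECASE,
)


def parse_url_file(text: str) -> Dict[str, str]:
    """Return the keys of the [InternetShortcut] section, case preserved."""
    cp = ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep URL=, IconFile= etc. as written
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        return {}
    return dict(cp.items("InternetShortcut"))


def hidden_extension(file_name: str) -> Optional[str]:
    """Return the real extension if a padded fake one is shown in front of it."""
    m = PADDED_EXT_RE.search(file_name)
    return m.group("real").lower() if m else None


def triage_url_file(text: str) -> List[str]:
    """Return findings for one .url body; an empty list means nothing odd."""
    keys = parse_url_file(text)
    url = keys.get("URL", "").strip()
    findings: List[str] = []
    if url.lower().startswith("mhtml:"):
        findings.append("URL uses the mhtml: prefix, which opens the target in the MSHTML/IE engine")
    # mhtml:<container>!<part> -- judge the container URL, not the part name
    target = url.split("!", 1)[0]
    if re.search(r"\.hta(?=$|[?#])", target, re.IGNORECASE):
        findings.append("URL target is an HTML Application (.hta)")
    if hidden_extension(target.rsplit("/", 1)[-1]):
        findings.append("URL file name pads a fake extension ahead of the real one")
    return findings


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_URL_FILE), ("suspect", SUSPECT_URL_FILE)):
        print(label, triage_url_file(body) or ["clean"])
    print(repr(HTA_DISGUISED_NAME), "->", hidden_extension(HTA_DISGUISED_NAME))
```

Run it over a directory of .url files or a list of download names from proxy logs; the mhtml: check is the high-confidence signal, the padded-extension check is a heuristic and will need tuning to local file-naming habits.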
Because the flaw is being exploited in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) added it to the Known Exploited Vulnerabilities Catalog; the vulnerability carries a CVSS score of 7.5. Under CISA's binding operational directive, federal civilian agencies must apply the update or stop using affected Windows systems by July 30.
Recent research into roughly 500,000 Windows 10 and 11 endpoints shows why a patch alone is not the whole story: over 10% of the devices examined had no functioning endpoint protection controls, and nearly 9% had no patch management controls. Devices in that gap will neither receive the July fix on time nor see the .hta stage blocked when it runs.
Microsoft shipped the fix on July 9, but Check Point reports that exploitation predates the patch by more than a year. Patching therefore closes the door going forward; it does not answer whether a system was already hit. Organizations should both deploy the update promptly and look back through endpoint and proxy telemetry for .url files that launched Internet Explorer and for .hta files downloaded under document-looking names.
Overall, CVE-2024-38112 is a reminder that retired components such as Internet Explorer remain reachable on Windows clients and Windows Server long after users stop opening them. Applying the July update, keeping endpoint protection and patch management in place on every device, and treating unexpected shortcut files with suspicion are the practical steps that keep this class of lure from succeeding.

