CISA Includes Microsoft COM for Windows Vulnerability in Known Exploited Vulnerabilities Catalog

August 6, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a specific vulnerability in Microsoft COM for Windows to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, tracked as CVE-2018-0824, is a deserialization of untrusted data vulnerability, which occurs when an application converts data from a serialized format back into an object or data structure in memory without proper validation.

According to Microsoft's advisory, successful exploitation of this vulnerability can lead to remote code execution. An attacker would use a specially crafted file or script to trigger it. The exploitation scenarios include email-based attacks, in which the attacker sends the specially crafted file to a user and convinces them to open it, and web-based attacks, in which the attacker hosts a website containing the specially crafted file designed to exploit the vulnerability.

This vulnerability was reportedly exploited by the China-linked APT41 group in a campaign against a Taiwanese government-affiliated research institute. The campaign, which began in July 2023, involved the delivery of ShadowPad malware, Cobalt Strike, and other post-exploitation tools. APT41 also built a custom loader to inject a proof-of-concept exploit for CVE-2018-0824 directly into memory, using what is nominally a remote code execution vulnerability to achieve local privilege escalation.

Under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are required to remediate the vulnerabilities listed in the catalog by their assigned due dates to protect their networks against attacks exploiting these flaws. Private organizations are also advised to review the catalog and remediate the listed vulnerabilities in their own infrastructure. CISA has set a deadline of August 26, 2024, for federal agencies to remediate this specific vulnerability.
