CISA Includes Microsoft COM for Windows Vulnerability in Known Exploited Vulnerabilities Catalog
August 6, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a specific vulnerability in Microsoft COM for Windows to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, tracked as CVE-2018-0824, is a deserialization of untrusted data vulnerability, which occurs when an application converts data from a serialized format back into an object or data structure in memory without proper validation.
As per Microsoft's advisory, this vulnerability can lead to remote code execution if an attacker manages to exploit it. The attacker could use a specially designed file or script to perform actions. The exploitation scenarios include email attacks, where the attacker sends the specially crafted file to the user and convinces them to open it, and web-based attacks, where the attacker hosts a website with the specially crafted file designed to exploit the vulnerability.
This vulnerability was reportedly exploited by the China-linked APT41 group in a campaign against a Taiwanese government-affiliated research institute. The campaign, which started in July 2023, involved the delivery of ShadowPad malware, Cobalt Strike, and other post-exploitation tools. APT41 also created a custom loader to inject a proof-of-concept for CVE-2018-0824 directly into memory, using a remote code execution vulnerability to achieve local privilege escalation.
As per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are required to remediate each vulnerability listed in the catalog by the due date assigned to its entry, to protect their networks against attacks exploiting these flaws. Private organizations are also advised to review the catalog and address the listed vulnerabilities in their own infrastructure. CISA has set a deadline of August 26, 2024, for federal agencies to remediate this specific vulnerability.
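As an added example (not part of this article or of CISA's tooling), the check below cross-references a list of CVEs that an asset inventory reports as unpatched against the KEV catalog's JSON feed and reports how many days remain before each BOD 22-01 due date. The feed entry is constructed in the catalog's published schema using the CVE and due date from this article; the inventory list is an assumption.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's known_exploited_vulnerabilities.json feed
# (published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The CVE, product and due date come from the article; the remaining fields are illustrative.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2024.08.05",
    "count": 1,
    "vulnerabilities": [
        {
            "cveID": "CVE-2018-0824",
            "vendorProject": "Microsoft",
            "product": "COM for Windows",
            "vulnerabilityName": "Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
            "dateAdded": "2024-08-05",
            "shortDescription": "Deserialization of untrusted data allowing remote code execution.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
            "dueDate": "2024-08-26",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
    ],
})


def kev_status(feed_json, unpatched_cves, today):
    """Return, for each unpatched CVE that appears in the KEV feed, its due date,
    the days left until that date (negative once overdue), and the required action.
    CVEs not in the catalog are ignored; CVE IDs are matched case-insensitively."""
    feed = json.loads(feed_json)
    by_id = {entry["cveID"].upper(): entry for entry in feed["vulnerabilities"]}
    report = {}
    for cve in unpatched_cves:
        entry = by_id.get(cve.strip().upper())
        if entry is None:
            continue  # unpatched but not known-exploited per CISA: out of scope here
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        report[entry["cveID"]] = {
            "due": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "action": entry["requiredAction"],
        }
    return report


if __name__ == "__main__":
    # Assumed inventory: one catalog CVE plus a placeholder ID that is not in the feed.
    for cve, info in kev_status(SAMPLE_KEV_FEED, ["cve-2018-0824", "CVE-0000-0000"], date(2024, 8, 6)).items():
        print(cve, info)
```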