Microsoft Patches Windows Zero-Day Exploited in Ransomware Attacks
March 14, 2023
Microsoft has patched a zero-day bug used by attackers to deploy Magniber ransomware payloads without raising any red flags. The vulnerability, tracked as CVE-2023-24880, was discovered by Google Threat Analysis Group (TAG) and reported to Microsoft on February 15.
TAG reported that over 100,000 downloads of malicious MSI files have been observed since January 2023, with over 80% of downloads occurring in Europe. This is a notable divergence from Magniber's typical targeting, which usually focuses on South Korea and Taiwan.
CVE-2023-24880 is a variant of another Windows SmartScreen security feature bypass, tracked as CVE-2022-44698, which was also exploited as a zero-day to infect targets with malware. Microsoft patched CVE-2022-44698 during the December 2022 Patch Tuesday after months of exploitation. However, as Google TAG explained, the patch fixed only a single aspect of the bug rather than the root cause.
"When patching a security issue, there is tension between a localized, reliable fix, and a potentially harder fix of the underlying root cause issue," Google TAG said. "Because the root cause behind the SmartScreen security bypass was not addressed, the attackers were able to quickly identify a different variant of the original bug."