The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a deserialization of untrusted data vulnerability in Microsoft COM for Windows, tracked as CVE-2018-0824 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog.

"A remote code execution vulnerability exists in 'Microsoft COM for Windows' when it fails to properly handle serialized objects," reads the advisory published by Microsoft.

This week, Cisco Talos researchers reported that a China-linked group compromised a Taiwanese government-affiliated research institute. The experts attributed the attack with medium confidence to the APT41 group.

The campaign started as early as July 2023, and the threat actors delivered the ShadowPad malware, Cobalt Strike, and other post-exploitation tools. Talos also discovered that APT41 created a custom loader to inject a proof-of-concept for CVE-2018-0824 directly into memory. The threat actors used a remote code execution vulnerability to achieve local privilege escalation.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by August 26, 2024.
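One way to act on the recommendation to review the Catalog is to check the CVEs present in your environment against the KEV feed and flag any whose BOD 22-01 due date has passed. The script below is an added example, not code from CISA or the article; the feed excerpt is constructed (only CVE-2018-0824 and its August 26, 2024 due date come from the article), and the field names follow the public KEV JSON schema.

```python
"""Triage a CISA KEV feed against CVEs known to be present in the environment.

The live feed is published at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
The excerpt below is constructed for this example so the script runs offline.
"""
import json
from datetime import date

# Constructed KEV excerpt: CVE-2018-0824 and its due date are from the article,
# the second entry is a placeholder to exercise the "not yet due" path.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2018-0824", "vendorProject": "Microsoft",
         "product": "COM for Windows",
         "vulnerabilityName": "Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability",
         "dueDate": "2024-08-26"},
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct",
         "vulnerabilityName": "Placeholder entry", "dueDate": "2030-01-01"},
    ],
})


def load_kev(feed_text):
    """Return {cveID: entry} for every vulnerability record in a KEV feed."""
    doc = json.loads(feed_text)
    return {v["cveID"]: v for v in doc["vulnerabilities"]}


def triage(feed_text, present_cves, today_iso):
    """Classify each CVE present in the environment as 'overdue', 'due' or
    'not_in_kev', comparing the catalog dueDate with today_iso (YYYY-MM-DD).
    A CVE whose due date equals today is still 'due', not 'overdue'."""
    kev = load_kev(feed_text)
    today = date.fromisoformat(today_iso)
    report = {}
    for cve in present_cves:
        entry = kev.get(cve)
        if entry is None:
            report[cve] = "not_in_kev"
            continue
        due = date.fromisoformat(entry["dueDate"])
        report[cve] = "overdue" if today > due else "due"
    return report


if __name__ == "__main__":
    # Constructed inventory: one KEV entry past due, one not due, one not listed.
    found = ["CVE-2018-0824", "CVE-0000-0001", "CVE-2099-9999"]
    for cve, status in triage(SAMPLE_KEV_JSON, found, "2024-09-01").items():
        print(f"{cve}: {status}")
```

Replace SAMPLE_KEV_JSON with the downloaded feed and `found` with the output of your vulnerability scanner to run it against real data.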
Pierluigi Paganini

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)