A Windows Vulnerability Reported by the NSA Was Exploited To Install Russian Malware
Saturday 27 April 2024, 16:34, by Slashdot
'Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years,' Ars Technica reported this week, 'in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday.
'When Microsoft patched the vulnerability in October 2022 — at least two years after it came under attack by the Russian hackers — the company made no mention that it was under active exploitation.' As of publication, the company's advisory still made no mention of the in-the-wild targeting. Windows users frequently prioritize the installation of patches based on whether a vulnerability is likely to be exploited in real-world attacks. Exploiting CVE-2022-38028, as the vulnerability is tracked, allows attackers to gain system privileges, the highest available in Windows, when combined with a separate exploit. Exploiting the flaw, which carries a 7.8 severity rating out of a possible 10, requires low existing privileges and little complexity. It resides in the Windows print spooler, a printer-management component that has harbored previous critical zero-days. Microsoft said at the time that it learned of the vulnerability from the US National Security Agency...

Since as early as April 2019, Forest Blizzard has been exploiting CVE-2022-38028 in attacks that, once system privileges are acquired, use a previously undocumented tool that Microsoft calls GooseEgg. The post-exploitation malware elevates privileges within a compromised system and goes on to provide a simple interface for installing additional pieces of malware that also run with system privileges. This additional malware, which includes credential stealers and tools for moving laterally through a compromised network, can be customized for each target.

'While a simple launcher application, GooseEgg is capable of spawning other applications specified at the command line with elevated permissions, allowing threat actors to support any follow-on objectives such as remote code execution, installing a backdoor, and moving laterally through compromised networks,' Microsoft officials wrote.

Thanks to Slashdot reader echo123 for sharing the news. Read more of this story at Slashdot.
https://it.slashdot.org/story/24/04/27/0420253/a-windows-vulnerability-reported-by-the-nsa-was-explo...