Cyber Security News

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly being actively exploited by the Chinese state-sponsored Advanced Persistent Threat (APT) group Mustang Panda.

The vulnerability, which affects the Windows Explorer graphical user interface (GUI), has been classified as low-severity by Microsoft but poses significant risks due to its exploitation in targeted attacks.

Details of the Vulnerability

The flaw involves how Windows handles files extracted from compressed “RAR” archives. When extracted into a folder, these files appear invisible in the Windows Explorer GUI, misleading users into believing the folder is empty.

However, the files can still be accessed and executed via command-line tools if their exact path is known.

For instance, using the dir command reveals these hidden files, and executing attrib -s -h on system-protected files results in the creation of an unknown file type associated with an “Unknown” ActiveX component.

This exploitation method allows threat actors to conceal malicious files within seemingly benign archives, bypassing detection and enabling stealthy execution of harmful payloads.

Mustang Panda’s Role

Mustang Panda, also known as Bronze President or RedDelta, is a well-documented Chinese APT group known for cyber espionage campaigns targeting governments, NGOs, and private organizations worldwide.

The group frequently employs spear-phishing emails and custom malware like PlugX to infiltrate systems and exfiltrate sensitive data.

Their operations often align with China’s geopolitical objectives, including intelligence gathering and strategic dominance. In this case, Mustang Panda is leveraging the Windows vulnerability to deliver malicious payloads.

Their tactics include embedding harmful files in compressed archives distributed through phishing campaigns or other deceptive methods. Once extracted, these files remain hidden from users but can be executed to compromise systems.

Despite its active exploitation by a sophisticated threat actor, Microsoft has categorized this vulnerability as low-severity.

This classification may reflect the specific conditions required for exploitation or the limited scope of potential damage compared to other critical vulnerabilities.

However, cybersecurity experts warn that such vulnerabilities can have significant implications when used as part of a broader attack chain.

This is an actively developing story. ClearSky Cyber Security has indicated that more technical details about the vulnerability and its exploitation will be published soon on their blog.

Organizations are advised to stay alert for updates and take proactive measures to protect their systems against potential threats.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Hackers Rapidly Adopt ClickFix Technique for Sophisticated Attacks

In recent months, a sophisticated social engineering technique known as ClickFix has gained significant traction…

4 hours ago

Supply Chain Attack Targets 23,000 GitHub Repositories

A critical security incident has been uncovered involving the popular GitHub Action tj-actions/changed-files, which is…

5 hours ago

Beware! Malware Hidden in Free Word-to-PDF Converters

The FBI has issued a warning about a growing threat involving free file conversion tools,…

5 hours ago

MassJacker Clipper Malware Targets Users Installing Pirated Software

A recent investigation has uncovered previously unknown cryptojacking malware, dubbed MassJacker, which primarily targets users…

5 hours ago

SocGholish Exploits Compromised Websites to Deliver RansomHub Ransomware

SocGholish, a sophisticated malware-as-a-service (MaaS) framework, has been identified as a key enabler in the…

5 hours ago

New Steganographic Malware Hides in JPG Files to Deploy Multiple Password Stealers

A recent cybersecurity threat has emerged in the form of a steganographic campaign that uses…

5 hours ago