Monday, December 9, 2024
HomeCVE/vulnerabilityWindows 0-Day Exploited in Wild with Single Right Click

Windows 0-Day Exploited in Wild with Single Right Click

Published on

SIEM as a Service

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows systems across various versions.

This critical vulnerability, uncovered by the ClearSky Cyber Security team in June 2024, has been linked to attacks aimed specifically at Ukrainian organizations.

The exploit allows malicious actors to gain control of a system through seemingly innocuous actions such as a single right-click on a malicious file.

- Advertisement - SIEM as a Service

Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)

Vulnerability Overview

The zero-day flaw affects nearly all versions of Windows, including Windows 10, and 11, and some configurations of older versions like Windows 7 and 8.1.

The vulnerability is triggered by interacting with specially crafted URL files disguised as legitimate documents.

  • A single right-click on a malicious file (affects all Windows versions).
  • Deleting the file (Windows 10/11).
  • Dragging the file to another folder (Windows 10/11 and some older versions).

The malicious files, often disguised as academic certificates, were first observed being distributed from a compromised official Ukrainian government website.

The attack typically begins with a phishing email containing a malicious URL file. The email from a compromised Ukrainian government server encourages the recipient to renew their academic certificate.

Once the user interacts with the URL file in any triggering ways, a connection to the attacker’s server is established, allowing for the download of additional malicious payloads, including the SparkRAT malware.

SparkRAT, an open-source remote access trojan (RAT), is used to gain control of the victim’s system. Additionally, the attackers employ persistence techniques to maintain access even after a system reboot.

The Ukrainian Computer Emergency Response Team (CERT-UA) has attributed these attacks to the Russian-linked threat actor UAC-0194.

ClearSky researchers have also identified overlaps with techniques used by other Russian-affiliated groups, suggesting using a common toolkit.

Microsoft addressed this vulnerability with a security patch released on November 12, 2024. Users are urged to update their systems immediately to prevent exploitation of CVE-2024-43451.

Maintaining up-to-date security patches remains critical for safeguarding against these ongoing attacks.

Analyze Unlimited Phishing & Malware with ANY.RUN For Free - 14 Days Free Trial.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Google Announces Vanir, A Open-Source Security Patch Validation Tool

Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and...

New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes

A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin...

Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190

Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its...

Qlik Sense for Windows Vulnerability Allows Remote Code Execution

Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Google Announces Vanir, A Open-Source Security Patch Validation Tool

Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and...

New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes

A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin...

Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190

Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its...