CISA Adds Microsoft COM Vulnerability to Exploited List, Agencies Must Act

06 Aug 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a vulnerability in Microsoft COM for Windows to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2018-0824, carries a CVSS score of 7.5, indicating a serious potential threat to systems that use this software.

Understanding the Vulnerability

At the heart of this issue is a deserialization of untrusted data vulnerability. This occurs when an application improperly deserializes data from an untrusted source without adequate validation. Deserialization is a critical process that converts data from a serialized format—such as JSON or XML—back into an object or data structure within memory.

According to the advisory released by Microsoft, “A remote code execution vulnerability exists in Microsoft COM for Windows when it fails to properly handle serialized objects.” This means that an attacker could exploit this vulnerability using a specially crafted file or script to execute unauthorized actions. In scenarios involving email attacks, the attacker might send a malicious file to the user, persuading them to open it. Alternatively, in web-based attacks, the threat could manifest through a compromised website that hosts user-provided content designed to exploit this vulnerability.

Exploitation Tactics

To trigger the vulnerability, an attacker could deceive the victim into clicking a link that leads to a malicious website, subsequently convincing them to open the crafted file. This week, researchers from Cisco Talos reported that a group linked to China successfully compromised a Taiwanese government-affiliated research institute. This attack has been attributed with medium confidence to the APT41 group.

The campaign, which began as early as July 2023, involved the deployment of ShadowPad malware, Cobalt Strike, and various post-exploitation tools. Notably, Talos discovered that APT41 created a custom loader to inject a proof-of-concept for CVE-2018-0824 directly into memory, utilizing the remote code execution vulnerability to escalate local privileges.

Mitigation and Compliance

In accordance with Binding Operational Directive (BOD) 22-01, which aims to mitigate the significant risks posed by known exploited vulnerabilities, federal agencies are mandated to address identified vulnerabilities by the specified due date to safeguard their networks. Experts also advise private organizations to review the KEV catalog and remediate any vulnerabilities present in their infrastructure.

CISA has set a deadline for federal agencies to rectify this vulnerability by August 26, 2024, emphasizing the urgency of addressing this critical security concern.
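As an added example (not part of the original article or any CISA tooling), the following script shows one way to carry out the KEV review described above: it matches open scanner findings against KEV entries and ranks them by due date. It assumes the `cveID` and `dueDate` field names of CISA's published KEV JSON feed; the host names, the second catalog entry and the function name `kev_triage` are constructed for illustration.

```python
import json
from datetime import date

# Constructed excerpt in the layout of CISA's KEV JSON feed. Only the CVE id and
# due date of the first entry come from the article; the rest is sample data.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2018-0824", "vendorProject": "Microsoft",
   "product": "COM for Windows", "dueDate": "2024-08-26"},
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
   "product": "ExampleProduct", "dueDate": "2024-07-01"}
]}
""")

# Constructed scanner output: host -> CVEs still unpatched on that host.
FINDINGS = {
    "ws-014": ["CVE-2018-0824", "CVE-0000-0002"],
    "srv-db2": ["cve-0000-0001 "],   # scanners differ in case and whitespace
    "srv-web1": [],
}


def kev_triage(kev, findings, today):
    """Return KEV-listed findings sorted by due date, most urgent first."""
    due = {v["cveID"].upper(): date.fromisoformat(v["dueDate"])
           for v in kev["vulnerabilities"]}
    rows = []
    for host, cves in findings.items():
        for cve in cves:
            cve_id = cve.strip().upper()
            deadline = due.get(cve_id)
            if deadline is None:
                continue  # not in KEV: handle under the normal patch policy
            days_left = (deadline - today).days
            rows.append({"host": host, "cve": cve_id,
                         "due": deadline.isoformat(), "days_left": days_left,
                         "overdue": days_left < 0})
    return sorted(rows, key=lambda r: (r["due"], r["host"]))


if __name__ == "__main__":
    for row in kev_triage(KEV_SAMPLE, FINDINGS, date(2024, 8, 6)):
        status = "OVERDUE" if row["overdue"] else f"{row['days_left']} days left"
        print(f"{row['host']:10} {row['cve']:15} due {row['due']}  {status}")
```

In practice the catalog would be loaded from a locally cached copy of the KEV feed and the findings from the organization's own vulnerability scanner export.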

Update: 06 Aug 2024