The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a significant vulnerability in Microsoft’s Windows 10 software to its Known Exploited Vulnerabilities Catalog. This vulnerability, identified as CVE-2018-0824, affects Microsoft COM for Windows and is a deserialization of untrusted data flaw. This issue not only allows for privilege escalation but also enables remote code execution, raising alarms among cybersecurity experts.
CISA has recommended that users either cease using affected software or apply the necessary patches provided through Windows updates. While the agency has not confirmed whether this vulnerability has been exploited in any ransomware campaigns, a report from Cisco Talos indicates that a Chinese hacking group has leveraged this vulnerability to compromise a Taiwanese government research center.
Second Organization Issues Windows Warning
In a parallel development, another warning was issued to Windows users by the enterprise technology news site, The Register. The publication reported that cybercriminals are increasingly targeting Windows users with a new keylogger, known as SnakeKeylogger, which is capable of stealing credentials and capturing screenshots from infected machines. FortiGuard Labs, a threat intelligence agency, noted a marked increase in malware attacks involving this particular keylogger.
Originally marketed on Russian crime forums as a subscription service, SnakeKeylogger emerged as a significant threat in 2020. According to Check Point Research, this malware is typically disseminated through emails containing malicious attachments, such as docx or xlsx files with harmful macros, as well as through PDF files.
The recent alerts come in the wake of the “CrowdStrike outage” in July, where a faulty software update rendered numerous devices running Windows inoperable for several hours, highlighting the potential repercussions of technical glitches in widely used operating systems.