Remember, dear reader: CVSS is only a number and does not indicate real-world risk. This new vulnerability, CVE-2023-24880, is a Windows SmartScreen security feature bypass bug that allows attackers to create malicious files that can bypass Mark-of-the-Web security features. While it's only rated 5.4/10, it's already being exploited by crooks demanding ransom payments. The second bug under active exploit is publicly known, and related to a similar vulnerability, CVE-2022-44698, that Microsoft fixed in December 2022. The flaw was reported to the IT giant by Ukraine's CERT as well as by the Windows maker's internal threat intelligence and research teams. As to who was abusing the security shortcoming in the first place, Microsoft pointed the finger at someone in Russia carrying out "targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe."