CISA confirms Windows privilege escalation flaw has been exploited

US cybersecurity agency also added a recently disclosed Google Pixel flaw to its list of exploited vulnerabilities


The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that a Microsoft Windows privilege escalation vulnerability has seen exploitation in attacks.

The vulnerability (tracked as CVE-2024-26169) has been tied by researchers at Symantec to attacks by the Black Basta ransomware gang.

The Windows Error Reporting Service Improper Privilege Management Vulnerability was disclosed and fixed by Microsoft in mid-March.

CISA added the bug to its catalogue of vulnerabilities known to have seen exploitation in the wild on Thursday.

"Analysis of an exploit tool deployed in recent attacks revealed evidence that [the vulnerability] could have been compiled prior to patching, meaning at least one group may have been exploiting the vulnerability as a zero-day," Symantec researchers wrote in a post last week.

The exploit tool "was deployed in a recent attempted ransomware attack investigated by Symantec's Threat Hunter Team," the researchers said.

"Although the attackers did not succeed in deploying a ransomware payload in this attack, the tactics, techniques, and procedures (TTPs) used were highly similar to those described in a recent Microsoft report detailing Black Basta activity. Although no payload was deployed, the similarities in TTPs makes it highly likely it was a failed Black Basta attack."

CISA also added a Google Pixel privilege escalation vulnerability that was disclosed this week (tracked as CVE-2024-32896) to its catalogue, as well as a Progress Telerik vulnerability (tracked as CVE-2024-4358).

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said in its advisory.

CISA has set a due date of 4th July for US Federal Civilian Executive Branch agencies to implement fixes for the issues.

This article was first published on CRN