CISA warns against exploitation of Windows vulnerability in ransomware attacks
The US Cybersecurity and Infrastructure Security Agency warns against exploitation of a vulnerability in Windows. An attacker can use this vulnerability in ransomware attacks. Microsoft already released an update on March 12, closing the vulnerability.
This vulnerability, which can be tracked under CVE-2024-26169, is in the Windows Error Reporting Service. This vulnerability allows an attacker who already has access to a system to escalate their privileges to SYSTEM. This way he can gain full control over the affected system and, for example, disable or adjust security software.
Microsoft already resolved the error during Patch Tuesday in March this year and indicated at the time that there were no signals of abuse. Symantec security researchers reported earlier this week However, the group of cybercriminals behind the Black Basta ransomware may have already exploited the vulnerability before the patch was released. The vulnerability may even have been exploited as early as December 2023.
The CISA now also has the vulnerability added to his catalogue of known exploited vulnerabilities. That catalog contains commonly used vulnerabilities that could pose a significant risk to federal organizations, the agency said. CISA advises organizations to take swift action to limit the risks of such vulnerabilities.