Memory Corruption Vulnerability in Scripting Engine Could Allow for Code Execution

Summary

The article discusses a memory corruption vulnerability in the Scripting Engine that affects Microsoft software. The vulnerability, identified as CVE-2024-38178, has been exploited by the North Korean threat actor, ScarCruft, to spread RokRAT malware. Successful exploitation requires a user to click on a specially crafted URL, and the threat actors have used compromised advertising content to deliver the exploit. RokRAT is capable of various malicious activities, including remote access and data gathering. Microsoft has released patches to address this vulnerability, and the Cybersecurity and Infrastructure Security Agency (CISA) has added it to the Known Exploited Vulnerabilities Catalog, urging users to update their systems by September 3. The article also highlights four other zero-day vulnerabilities affecting Windows systems and emphasizes the importance of patching to mitigate the risk of cyber attacks exploiting known vulnerabilities.

News Articles

Risky Biz

CVE-2024-38178

The Feds secretly disrupted Anonymous Sudan back in March

Iranian hackers sell access to US critical infrastructure; North Korea hacked ad platforms to deploy an IE zero-day; hacker "USDoD" arrested in Brazil.

1 month ago

The Hacker News

CVE-2024-38178

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

ScarCruft exploits a patched Windows zero-day, CVE-2024-38178, infecting devices with RokRAT malware.

1 month ago

Forbes

CVE-2024-38178CVE-2024-38213

New Windows Cyber Attacks Confirmed—CISA Says Update By September 3

The U.S. Cybersecurity Agency has warned that Windows users must update systems before September 3 as multiple new zero-day attacks are confirmed by Microsoft.

3 months ago