A recently discovered zero-day vulnerability, CVE-2024-43451, is being actively exploited against multiple versions of Windows. Identified by the ClearSky Cyber Security team in June 2024, the vulnerability has been used in attacks primarily targeting Ukrainian organizations. The exploit enables attackers to take control of a system with a simple right-click on a malicious file.
All about the Vulnerability
The zero-day vulnerability impacts nearly all Windows versions, including Windows 10, 11, and some older configurations like Windows 7 and 8.1.
It is triggered by interacting with malicious URL files disguised as legitimate documents. Actions such as right-clicking, deleting, or dragging the file can exploit the flaw across different Windows versions.
The malicious files, often pretending to be academic certificates, were initially distributed from a compromised Ukrainian government website. The attack starts with a phishing email containing a harmful URL file. The email urges the recipient to renew their academic certificate.
When the user interacts with the URL file, it connects to the attacker’s server, enabling the download of SparkRAT malware. SparkRAT gives the attacker control over the victim’s system and uses persistence methods to retain access after a reboot. These attacks have been linked to the Russian threat group UAC-0194, according to CERT-UA.
ClearSky researchers found similarities between this attack and tactics used by other Russian-linked groups, indicating a shared toolkit. Microsoft released a security patch for CVE-2024-43451 on November 12, 2024, urging users to update their systems to avoid exploitation. Keeping security patches current is essential to protect against these threats.
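The following Python triage check for mail attachments is an added example, not code from ClearSky, CERT-UA or Microsoft. It goes beyond the article's case by reporting any remote host a URL file references and whether the file name imitates a document; it assumes the standard `[InternetShortcut]` INI layout, and `DOC_EXTS`, `TRUSTED_HOSTS` and the sample contents are constructed for illustration.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlparse

DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}  # assumed lure extensions
TRUSTED_HOSTS = {"intranet.example.org"}  # assumption: site-specific allowlist

def parse_url_file(text):
    """Return lower-cased key/value pairs from the [InternetShortcut] section."""
    fields, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields

def remote_host(value):
    """Host a field value would contact, or None for local paths and plain values."""
    if value.startswith("\\\\"):  # UNC path: \\host\share\...
        return value[2:].split("\\")[0].lower() or None
    try:
        return urlparse(value).hostname  # None for file:///C:/... and non-URLs
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None

def triage(filename, text, trusted=TRUSTED_HOSTS):
    """Report untrusted remote hosts and document-style masquerading for one .url file."""
    hosts = {remote_host(v) for v in parse_url_file(text).values()} - {None}
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    masquerade = suffixes[-1:] == [".url"] and any(s in DOC_EXTS for s in suffixes[:-1])
    return {"untrusted_hosts": sorted(hosts - set(trusted)), "masquerade": masquerade}

# Constructed samples (documentation-range addresses, not indicators from the campaign)
LURE = "[InternetShortcut]\r\nURL=file://198.51.100.7/docs/cert.pdf\r\nIconIndex=1\r\n"
BENIGN = "[InternetShortcut]\nURL=https://intranet.example.org/wiki\n"

if __name__ == "__main__":
    print(triage("Certificate_renewal.pdf.url", LURE))
    print(triage("wiki.url", BENIGN))
```

A mail gateway or endpoint job can quarantine attachments where both findings are present and queue the rest for review.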