Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions


WIRE TOR - The Ethical Hacking Services

⚠️ Hackers have found a way to exploit a newly patched zero-day vulnerability in Windows identified as CVE-2024–43451. This flaw, impacting the MSHTML engine, can be triggered through everyday user actions like deleting a file, dragging and dropping, or simply right-clicking on it. 🖱️💼

🔑 Zero-Day Impact: CVE-2024–43451 is considered a medium-severity flaw. It allows attackers to capture a user’s NTLMv2 hash and then launch a pass-the-hash attack to authenticate as the targeted user — compromising systems with minimal user interaction.

The exploit takes advantage of Microsoft’s MSHTML engine through applications that use the WebBrowser control, such as Edge in Internet Explorer mode. When users interact with a malicious URL file (even without opening it), they may inadvertently trigger the vulnerability, establishing a connection with an attacker-controlled server. This method is especially potent on Windows 10 and 11 systems, where communication with external servers is initiated upon interaction with the URL file. 🖥️💥

The cybersecurity firm ClearSky uncovered this vulnerability in June 2024 and later observed it exploited by a Russian-based threat actor suspected to be UAC-0194. Attackers targeted Ukrainian entities via phishing emails, originating from a compromised Ukrainian government server. Victims were lured into downloading a ZIP archive containing a PDF and a malicious URL file, the latter designed to exploit this zero-day.

💡 Example of Attack Flow:

1. The user receives a phishing email asking for academic certificate renewal.
2. The email links to a ZIP file hosted on a legitimate government site.
3. The ZIP file includes a PDF document and a URL file that exploits CVE-2024–43451.

Upon any interaction, the URL file triggers the vulnerability, connecting with the attacker’s server and downloading malicious files like SparkRAT malware.

As hackers continue to exploit these vulnerabilities, Wire Tor Pentest Services provides robust defenses. Our comprehensive penetration testing identifies weak points before attackers can exploit them, safeguarding your systems and data against emerging threats like CVE-2024–43451.

🛡️ Stay Protected! Act before attackers do: contact Wire Tor for industry-leading pentest solutions. ⚙️💻
