Vulnerability Management, Threat Intelligence

Newly patched Windows zero-day leveraged to attack Ukraine

Share
Windows 11 start button on computer menu screen close up view

BleepingComputer reports that Ukrainian organizations have been subjected to suspected Russian cyberattacks involving the newly fixed Windows NTLM Hash Disclosure spoofing flaw, tracked as CVE-2024-43451, since June.

Such intrusions, which Ukraine's Computer Emergency Response Team associated with the Russian threat operation UAC-0194, commenced with the delivery of phishing emails with a URL file, which when interacted exploits the vulnerability to facilitate installation of additional payloads, including the open-source trojan SparkRAT, an analysis from ClearSky researchers showed. Additional findings revealed the exploitation of the Server Message Block protocol to enable attempted NTLM hash exfiltration. Ongoing attacks leveraging the bug, which has been addressed by Microsoft as part of this month's Patch Tuesday, have prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate impacted instances that include all supported Windows iterations by Dec. 3.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.