CISA warns of Windows bug exploited in ransomware attacks
2024-06-14 16:39

The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.

Successful exploitation lets local attackers gain SYSTEM permissions in low-complexity attacks that don't require user interaction.

Microsoft has yet to update its security advisory to tag the vulnerability as exploited in attacks.

As revealed in a report published earlier this week, Symantec security researchers found evidence that the operators of the Black Basta ransomware gang were likely behind attacks abusing the flaw as a zero-day.

On Thursday, CISA gave Federal Civilian Executive Branch (FCEB) agencies three weeks, until July 4, to patch the CVE-2024-26169 security flaw and thwart ransomware attacks that could target their networks.

Black Basta ransomware gang linked to Windows zero-day attacks.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-bug-exploited-in-ransomware-attacks/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-03-12 | CVE-2024-26169 | Unspecified vulnerability in Microsoft products: Windows Error Reporting Service Elevation of Privilege Vulnerability (local, low complexity, microsoft) | 7.8