Chinese cyber attack sparks alert over six year old MS vuln


The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft vulnerability dating back to 2018 to its Known Exploited Vulnerabilities (KEV) catalogue after evidence emerged that it is being used in an attack chain by the China-backed APT41 advanced persistent threat group.

CVE-2018-0824 was first addressed by Microsoft in the May 2018 Patch Tuesday update. It is a remote code execution (RCE) flaw in Microsoft COM for Windows resulting from a failure to properly handle serialised objects.

Read more…
Source: Computer Weekly


Sign up for our Newsletter


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...