CVE-2024-38178 is a memory corruption vulnerability discovered in the Windows Scripting Engine that allows for remote code execution (RCE) attacks. This vulnerability poses a serious risk if an attacker can convince an authenticated user to click on a crafted link, enabling the unauthenticated attacker to initiate RCE. The attack method hinges on the target using Microsoft Edge in Internet Explorer Mode, which is required for the exploit to succeed. This vulnerability has been assigned a CVSS score of 7.5 out of 10, indicating its significant impact on affected systems.
Microsoft disclosed that this vulnerability has been exploited in the wild, though no indicators of compromise (IOCs) or further details were shared to assist defenders in identifying potential infections. The absence of IOCs makes it more challenging for cybersecurity teams to proactively detect signs of compromise, especially in targeted environments. The lack of telemetry from Microsoft means that defenders must rely on patching the vulnerability promptly to mitigate the risks.
The vulnerability was reported by AhnLab, a cybersecurity firm, and South Korea’s National Cyber Security Center (NCSC), suggesting that it may have been used in advanced persistent threat (APT) attacks, likely tied to nation-state actors. APT attacks often target specific organizations or countries, utilizing sophisticated methods to infiltrate systems and steal sensitive information. The involvement of nation-state entities underscores the critical nature of the vulnerability and its potential for high-stakes exploitation.
Microsoft has released patches to address CVE-2024-38178, urging organizations to apply the fixes immediately. However, the ongoing exploitation of the vulnerability means that systems that have not yet been updated remain at high risk. Cybersecurity professionals are encouraged to monitor systems closely and ensure that users are aware of the potential risks associated with opening suspicious links, particularly in environments where Edge is used in Internet Explorer Mode.
Reference: