US CISA Requires Patching of Microsoft Windows 10/11 Vulnerabilities

TapTechNews June 15th news, the US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released a notice requiring various agencies of the US Federal Education, Science and Culture Committee to patch the Microsoft Windows 10/Windows 11 vulnerability within 3 weeks (by July 4th) to avoid being cyberattacked by hackers.

TapTechNews note: The security vulnerability tracking number is CVE-2024-26169, which exists in the Microsoft Windows ErrorReporting error and is a vulnerability of improper permission management. It can allow local attackers to obtain SYSTEM permission without user interaction.

Microsoft has already patched this vulnerability in the Patch Tuesday event on March 12, 2024, but since there are still hackers using this vulnerability to launch attacks, Microsoft has not disclosed the details of its vulnerability.

Symantec security researchers released a report this week, stating that there is evidence that the operators of the BlackBasta ransomware gang (Cardinal cybercrime gang, also tracked as UNC4394 and Storm-1811) are likely to be the幕后黑手 behind the abuse of this vulnerability as a zero-day attack.

Researchers found that in these attacks, the compile timestamp of one variant of the deployed CVE-2024-26169 exploit tool is February 27, and the compile timestamp of the second sample is even earlier, which is December 18, 2023.

This shows that before Microsoft released a security update to patch the local privilege elevation vulnerability, the ransomware organization had already had an effective exploit program for 14 to 85 days.

According to the research of CorvusInsurance and the cybersecurity company Elliptic, as of November 2023, BlackBasta has received at least 100 million US dollars in ransom from more than 90 victims.