HB Ad Slot
HB Mobile Ad Slot
Black Basta Exploits Microsoft Zero-Day After Patch
Friday, June 21, 2024

It is being reported that Black Basta (aptly named) exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March.

The vulnerability, CVE-2024-26169, was on Microsoft’s March update’s Patch Tuesday List. Unpatched, it allows the threat actor to escalate privileges. Symantec’s threat hunter team has discovered that Black Basta was able to gather information on the vulnerability prior to the patch and use it recently in attacks against victims. This means that even if an organization applied the patch, Black Basta may be able to exploit the vulnerability anyway.

It is essential for organizations to apply patches for vulnerabilities in a timely manner. Unfortunately, this research indicates that even if you do so, the threat actors may have already figured out how to exploit the vulnerability to use it against companies after the fact to render the vulnerability a zero-day again. Patch, patch, patch. There’s no way around it, and it is more important than ever. Patch this vulnerability to avoid Black Basta—trust me—they are a bunch of bastas.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins