216.73.217.19

Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine

· Published 17/10/2024 10:39 · Modified 18/10/2024 09:20

Export JSON

Essential information

Published
17/10/2024 10:39
Modified
18/10/2024 09:20
Tags
2024-10-17 CVE-2022-41128 CVE-2024-38178 apt37 jscript9.dll remote code execution rokrat type confusion vulnerability windows zero-day
Related entities
1 intrusion sets (apt), 16 techniques (mitre), 1 malware, 1 others

Description

is a in , patched by Microsoft in August 2024. It allows bypassing the patch through incorrect JIT engine optimizations. , a North Korean threat group, exploited this in June 2024 against South Korean targets. The exploit enables on systems. Affected software includes Microsoft Edge (IE mode) and media players using legacy WebView. The stems from improper type validation in the JIT compiler, leading to arbitrary code execution. Mitigation involves updating and disabling IE mode in Edge.

External references