Windows and Firefox Zero-Day Security Flaws Being Exploited by Hackers

Exploitation of both the Windows and Firefox vulnerabilities together allows remote code execution on endpoints

Published: Nov 27, 2024


Key Takeaways:

  • Two zero-days, one in Firefox and one in Windows, chained by the RomCom group
  • Actively exploited against victims in Europe and North America
  • Patches are available for both flaws; the Firefox fix shipped in October and the Windows fix in Microsoft's November 2024 security update

Security firm ESET is warning that RomCom, a Russia-aligned Advanced Persistent Threat (APT) group, is actively exploiting two zero-day security flaws to plant backdoors on systems. Firefox is being exploited through a use-after-free bug (CVE-2024-9680) in the browser's animation timeline feature, which lets an attacker run code inside the browser's restricted sandbox. ESET discovered the bug on October 8 and Mozilla issued a patch the next day.

ESET also found a second bug (CVE-2024-49039), an elevation-of-privilege flaw in the Windows Task Scheduler service. It lets code that is already running on a machine at low privilege, such as inside a browser sandbox, escalate to the privileges of the logged-on user. Chaining the two is what gave RomCom remote code execution on endpoints: the Firefox bug runs the attacker's code in the sandbox, and the Windows bug breaks out of it. Microsoft fixed CVE-2024-49039 in its November 12, 2024 security update.

Zero-click attack

To run the chain remotely, RomCom set up fake websites that redirected visitors to an attacker-controlled server hosting the exploit, which then downloaded and installed RomCom's backdoor. ESET describes this as a zero-click attack because, once the victim has been lured onto the malicious site, no further interaction is required for the system to be infected: no download prompt, no file to open, no permission dialog.

ESET has not disclosed how many systems were infected, but it said most victims were targeted between October 10 and November 4, in Europe and North America.

Test and deploy patches quickly

Testing and pushing out patches as quickly as possible is the most effective defence against campaigns like this one. Because the chain needs both bugs, applying either fix breaks it: a Firefox updated on or after October 9 could not have been used to launch the Windows exploit, even though the Windows bug itself was not patched until November. Verify that both updates have actually landed on endpoints rather than assuming the update mechanism did its job.
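One way to check a Windows host for both fixes, as an added example that is not part of the original article and not code from ESET, Mozilla or Microsoft. It assumes the fixed Firefox versions are 131.0.2 (release), 128.3.1 (ESR 128) and 115.16.1 (ESR 115), that Microsoft's fix for CVE-2024-49039 shipped in the November 12, 2024 update, and that Firefox registers its version under the standard Uninstall registry keys; the Windows check is a date heuristic on the newest installed hotfix, not a lookup of the exact KB number for each Windows build. The function names (`Get-RomComExposureReport` and its helpers) are illustrative.

```powershell
# Added example: audit one Windows host for the Firefox and Windows fixes
# discussed above and return a report object. Not from the article or vendors.
#
# Assumptions (not stated in the article):
#  - CVE-2024-9680 is fixed in Firefox 131.0.2, ESR 128.3.1 and ESR 115.16.1.
#  - The fix for CVE-2024-49039 shipped in the 12 November 2024 update, so a host
#    whose newest installed hotfix predates that is treated as unpatched (heuristic).

$FixedFirefoxVersions = @{
    'release' = [version]'131.0.2'
    'esr128'  = [version]'128.3.1'
    'esr115'  = [version]'115.16.1'
}
$WindowsFixDate = [datetime]'2024-11-12'

function Test-FirefoxVersionPatched {
    param([Parameter(Mandatory)][string]$DisplayVersion)
    # Keep only the numeric part ("128.3.1esr" -> "128.3.1") and compare as [version].
    $clean = [regex]::Match($DisplayVersion, '\d+(\.\d+)+').Value
    if (-not $clean) { return $false }
    $v = [version]$clean
    switch ($v.Major) {
        115     { return $v -ge $FixedFirefoxVersions['esr115'] }
        128     { return $v -ge $FixedFirefoxVersions['esr128'] }
        default { return $v -ge $FixedFirefoxVersions['release'] }  # 129/130 and older fall below
    }
}

function Get-FirefoxInstalls {
    # Installed applications register under the Uninstall keys (64-bit, 32-bit, per-user).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Mozilla Firefox*' } |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Patched = Test-FirefoxVersionPatched -DisplayVersion $_.DisplayVersion
            }
        }
}

function Get-WindowsUpdateStatus {
    # Get-HotFix lists installed updates; InstalledOn is empty for some entries, so drop those.
    $latest = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        LatestHotFix = $latest.HotFixID
        InstalledOn  = $latest.InstalledOn
        Patched      = ($null -ne $latest -and $latest.InstalledOn -ge $WindowsFixDate)
    }
}

function Get-RomComExposureReport {
    $firefox = @(Get-FirefoxInstalls)
    $windows = Get-WindowsUpdateStatus
    $vulnerableFirefox = @($firefox | Where-Object { -not $_.Patched })

    # The chain needs both bugs, so either fix breaks it; only a host missing both is exposed.
    if ($vulnerableFirefox.Count -gt 0 -and -not $windows.Patched) {
        $action = 'Update Firefox and install the November 2024 cumulative update'
    } elseif ($vulnerableFirefox.Count -gt 0) {
        $action = 'Update Firefox'
    } elseif (-not $windows.Patched) {
        $action = 'Install the November 2024 cumulative update'
    } else {
        $action = 'No action needed'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FirefoxInstalls  = $firefox
        WindowsUpdate    = $windows
        ChainExploitable = ($vulnerableFirefox.Count -gt 0 -and -not $windows.Patched)
        Action           = $action
    }
}

Get-RomComExposureReport | Format-List
```

Run it locally as an administrator, or save it as a .ps1 and push it to a fleet with `Invoke-Command -ComputerName <host> -FilePath .\check.ps1`. Treat a `ChainExploitable` of True as the priority queue: those hosts have neither fix, which is exactly the state RomCom's chain relies on.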
