CVE-2024-26234

Name of the Vulnerable Software and Affected Versions Windows (affected versions not specified)

Description The issue is related to a Proxy Driver Spoofing Vulnerability, which is associated with errors in access restriction. Exploitation of this issue may allow an attacker to execute arbitrary code by substituting the proxy server driver. The vulnerability is linked to the substitution of a proxy server driver signed with a valid Microsoft Hardware Publisher certificate. There have been reports of active exploitation of this vulnerability. A malicious file, disguised as "Catalog Authentication Client Service" by "Catalog Thales", was distributed, attempting to impersonate Thales Group. This file was previously bundled with marketing software called LaiXi Android Screen Mirroring. Microsoft has added the malicious file to the certificate revocation list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.