CVE-2024-38178

Name of the Vulnerable Software and Affected Versions Microsoft Edge versions prior to the fixed version Microsoft Windows 10 version 1507 (prior to 10.0.10240.20751)

Description The vulnerability is related to a memory corruption issue in the Windows Scripting Engine, which can be exploited by remote attackers to execute arbitrary code on a system. This issue has been linked to the North Korean APT group ScarCruft, who have been using it to infect devices with RokRAT malware. The attack vector involves exploiting the vulnerability through Internet Explorer Mode in Edge, and it can be triggered without any user interaction, such as when a user views a malicious advertisement. The estimated number of potentially affected devices worldwide is not specified, but the vulnerability has been used in real-world incidents, including the "Operation Code on Toast" campaign.

Recommendations For Microsoft Edge versions prior to the fixed version: Update to the latest version of Microsoft Edge to patch the vulnerability. For Microsoft Windows 10 version 1507 (prior to 10.0.10240.20751): Update to a newer version of Windows 10 or apply the patch for the vulnerability. As a temporary workaround, consider disabling Internet Explorer Mode in Edge until a patch is available. Restrict access to the Windows Scripting Engine to minimize the risk of exploitation. Avoid using Internet Explorer or Edge in Internet Explorer compatibility mode until the issue is resolved.