firefly

RomCom malware exploits zero-day vulnerabilities in Firefox and Windows

Security researchers at ESET have discovered a serious threat that is currently being exploited in Germany and the US: a Russia-aligned hacker group is chaining two zero-day vulnerabilities, one in Firefox and one in Windows, to spread the "RomCom" backdoor.

"RomCom" is both the name of the group (also tracked as Storm-0978, Tropical Scorpius, or UNC2596) and of its backdoor, which Russian hackers are using against targets in Europe and North America. The backdoor can download additional malicious modules and execute commands on infected systems. It gives the attackers long-term access to compromised machines and a channel to exfiltrate data.

Affected are Firefox, the Tor Browser, Thunderbird, and Windows 11, Windows 10 and Windows Server 2016, 2019, 2022 and 2025.

Most critically, this is a drive-by infection: loading a compromised or attacker-controlled website in a vulnerable browser is enough. No further user interaction (such as a download or a click) is required.

Recommendation


The attackers chain two vulnerabilities: the Firefox bug gives them code execution inside the browser's sandboxed content process, and the Windows bug lets that code escape the sandbox and run with higher privileges. The chain therefore only works while both bugs are present, so I recommend closing at least one of them immediately. Updating Firefox is quick and easy and blocks the chain at its entry point. The Windows update needs more planning, but it should follow as soon as you can schedule it: an elevation-of-privilege bug is usable by any code that already runs on the machine, not only by this browser chain.


Firefox, Tor Browser, Thunderbird (which renders mail with the same browser engine)


Mozilla fixed CVE-2024-9680 (use-after-free in the animation timeline) on 9 October 2024 and released updates the same day.

This means that any Firefox installation on Windows that was last updated before 9 October 2024 is affected.

Firefox (and software that embeds its engine) should therefore be at least at these versions:

  • Firefox 131.0.2
  • Firefox ESR 128.3.1
  • Firefox ESR 115.16.1
  • Tor Browser 13.5.7
  • Tails 6.8.1 (a portable operating system that protects against surveillance and censorship)
  • Thunderbird 115.16
  • Thunderbird 128.3.1
  • Thunderbird 131.0.1

See also: Behind the Scenes: Fixing an In-the-Wild Firefox Exploit

The Tor Browser and Thunderbird should also be updated to the latest version.
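To check a Windows host against the minimum versions listed above, here is an added PowerShell example (not from the original post and not Mozilla's code). It reads the uninstall entries the Mozilla installers write to the registry, classifies each Firefox and Thunderbird build per release branch, and can also read the `application.ini` of a portable copy such as the Tor Browser. The version table is copied from the list above; the assumption that any branch newer than 131 already contains the fix is marked in the code.

```powershell
# Added example (not from the original post or from Mozilla): inventory the
# Firefox and Thunderbird builds registered on this host and compare them with
# the minimum fixed versions for CVE-2024-9680 listed above. Run elevated so
# that per-machine installs are visible.

# Minimum fixed version per release branch (key = major version), from the list above.
$Minimums = @{
    'Firefox'     = @{ 115 = [version]'115.16.1'; 128 = [version]'128.3.1'; 131 = [version]'131.0.2' }
    'Thunderbird' = @{ 115 = [version]'115.16';   128 = [version]'128.3.1'; 131 = [version]'131.0.1' }
}

function Test-MozillaVersion {
    # Classify one installed version as 'fixed', 'vulnerable' or 'unknown'.
    # Assumption: a branch newer than the newest listed one (e.g. 132) was
    # released after the fix and contains it. A branch that is not listed and
    # older than the newest one (116-127, 129-130, or anything below 115) is a
    # superseded release train and is reported as vulnerable.
    param(
        [Parameter(Mandatory)][ValidateSet('Firefox','Thunderbird')][string]$Product,
        [Parameter(Mandatory)][string]$VersionString   # e.g. '128.3.1esr', '131.0.2'
    )
    $clean = $VersionString -replace '[^\d.]', ''     # strip 'esr', 'b2' and similar suffixes
    $v = $null
    if (-not [version]::TryParse($clean, [ref]$v)) {
        return [pscustomobject]@{ Product = $Product; Version = $VersionString; Minimum = $null; Status = 'unknown' }
    }
    $table  = $Minimums[$Product]
    $newest = ($table.Keys | Measure-Object -Maximum).Maximum
    if ($table.ContainsKey($v.Major)) {
        $min    = $table[$v.Major]
        $status = if ($v -ge $min) { 'fixed' } else { 'vulnerable' }
    } elseif ($v.Major -gt $newest) {
        $min    = $null
        $status = 'fixed'        # newer release train (assumption above)
    } else {
        $min    = $null
        $status = 'vulnerable'   # superseded train or unsupported ESR
    }
    [pscustomobject]@{ Product = $Product; Version = $v; Minimum = $min; Status = $status }
}

# Per-machine installs (64-bit and 32-bit registry views) and per-user installs.
# DisplayName looks like 'Mozilla Firefox (x64 en-US)' or 'Mozilla Firefox ESR (x64 en-US)'.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledMozillaApps {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Mozilla (Firefox|Thunderbird)\b' } |
        ForEach-Object {
            $product = if ($_.DisplayName -match 'Thunderbird') { 'Thunderbird' } else { 'Firefox' }
            Test-MozillaVersion -Product $product -VersionString $_.DisplayVersion |
                Add-Member -NotePropertyName Location -NotePropertyValue $_.InstallLocation -PassThru
        }
}

function Get-MozillaAppVersionFromIni {
    # For copies that do not register an uninstall entry (Tor Browser, a zipped
    # Firefox): read [App] Version from application.ini next to the executable.
    # For the Tor Browser this is the Firefox ESR version it is built on, not
    # the Tor Browser release number shown in its About dialog.
    param([Parameter(Mandatory)][string]$InstallDir)
    $ini     = Get-Content -Path (Join-Path $InstallDir 'application.ini') -ErrorAction Stop
    $name    = ($ini | Where-Object { $_ -match '^Name=' }    | Select-Object -First 1) -replace '^Name=', ''
    $version = ($ini | Where-Object { $_ -match '^Version=' } | Select-Object -First 1) -replace '^Version=', ''
    $product = if ($name -match 'Thunderbird') { 'Thunderbird' } else { 'Firefox' }
    Test-MozillaVersion -Product $product -VersionString $version |
        Add-Member -NotePropertyName Location -NotePropertyValue $InstallDir -PassThru
}

$report = @(Get-InstalledMozillaApps)
# Example for a portable copy (the path is a placeholder, adjust it):
# $report += Get-MozillaAppVersionFromIni -InstallDir 'C:\Users\me\Desktop\Tor Browser\Browser'
$report | Format-Table Product, Version, Minimum, Status, Location -AutoSize
if ($report.Status -contains 'vulnerable') { Write-Warning 'At least one install is below the fixed version.' }
```

The branch logic matters more than it looks: a Firefox 130.x on a workstation is "older than 131.0.2" but also an abandoned release train, so it is reported as vulnerable rather than compared against an ESR floor it never belonged to. The same applies to ESR 115 builds below 115.16.1, which are the ones the Tor Browser and Tails ship.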

Windows 11, Windows 10, Windows Server 2016, 2019, 2022, 2025


Microsoft fixed CVE-2024-49039, an elevation-of-privilege vulnerability in the Windows Task Scheduler, with the security updates of 12 November 2024.

The bug exists in all of the Windows versions listed below, and the November 2024 security update for each of them fixes it:

Windows 11:

  • Version 24H2 (Build 10.0.26100) for x64 and ARM64
  • Version 23H2 (Build 10.0.22631) for x64 and ARM64

Windows 10:

  • Version 22H2 (Build 10.0.19045) for 32-bit, x64, and ARM64
  • Version 1809 (Build 10.0.17763)
  • Version 1507, the initial release (Build 10.0.10240) for 32-bit

Windows Server:

  • Server 2025 (Build 10.0.26100)
  • Server 2022, 23H2 Edition (Build 10.0.25398)
  • Server 2019 (Build 10.0.17763)
  • Server 2016 (fixed Build 10.0.14393.7515)
  • Server 2016, Server Core installation (fixed Build 10.0.14393.7515)

Each of these updates fixes the elevation-of-privilege vulnerability.

The appropriate security update for your version of Windows can be downloaded here.

Alternatively, you can use the automatic update feature.
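To verify that a host is actually on a fixed build, here is an added PowerShell example (not from the original post and not Microsoft's code). It reads the build number and update build revision (UBR) from the registry, looks them up in the table of affected builds above, and decides as follows: for Server 2016 the fixed UBR 7515 is stated above, so the UBR is compared directly; for the other builds the post does not give a fixed UBR, so the script falls back to "a dated update was installed on or after 12 November 2024", the same reasoning the post applies to Firefox. That fallback is an assumption and is labelled as such in the code; a build number not in the table is reported, not judged.

```powershell
# Added example (not from the original post or from Microsoft): check this
# host's Windows build against the list of builds affected by CVE-2024-49039
# given above. Only Server 2016 has its fixed UBR (7515) stated above; for the
# other builds the check falls back to the install date of the newest update
# (assumption: an update installed on or after 12 November 2024 is the fix).

# Affected builds from the list above. FixedUbr = $null -> use the date fallback.
$Affected = @{
    26100 = @{ Name = 'Windows 11 24H2 / Windows Server 2025'; FixedUbr = $null }
    22631 = @{ Name = 'Windows 11 23H2';                       FixedUbr = $null }
    19045 = @{ Name = 'Windows 10 22H2';                       FixedUbr = $null }
    17763 = @{ Name = 'Windows 10 1809 / Windows Server 2019'; FixedUbr = $null }
    10240 = @{ Name = 'Windows 10 1507';                       FixedUbr = $null }
    25398 = @{ Name = 'Windows Server 2022, 23H2 Edition';     FixedUbr = $null }
    14393 = @{ Name = 'Windows Server 2016';                   FixedUbr = 7515  }
}
$FixDate = [datetime]'2024-11-12'   # Patch Tuesday on which the fix shipped

function Get-WindowsBuildInfo {
    # Build and UBR as shown by winver (e.g. 14393.7515), read from the registry.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Product        = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion
        Build          = [int]$cv.CurrentBuildNumber
        Ubr            = [int]$cv.UBR
    }
}

function Get-LatestUpdateDate {
    # Newest InstalledOn among installed hotfixes (Win32_QuickFixEngineering);
    # $null if none carries a date. Use Get-HotFix -ComputerName for remote hosts.
    $dates = Get-HotFix | Where-Object { $_.InstalledOn } | ForEach-Object { $_.InstalledOn }
    if ($dates) { $dates | Sort-Object -Descending | Select-Object -First 1 } else { $null }
}

function Test-Cve202449039 {
    param(
        [Parameter(Mandatory)]$BuildInfo,   # object from Get-WindowsBuildInfo
        $LatestUpdate                       # [datetime] or $null
    )
    $build = "$($BuildInfo.Build).$($BuildInfo.Ubr)"
    $entry = $Affected[$BuildInfo.Build]
    if (-not $entry) {
        return [pscustomobject]@{ Build = $build; Edition = $BuildInfo.Product; Status = 'not in list'
                                  Basis = 'build is not among those listed above; consult the Microsoft advisory' }
    }
    if ($null -ne $entry.FixedUbr) {
        $status = if ($BuildInfo.Ubr -ge $entry.FixedUbr) { 'fixed' } else { 'vulnerable' }
        $basis  = "UBR $($BuildInfo.Ubr) compared with fixed UBR $($entry.FixedUbr)"
    } elseif ($null -eq $LatestUpdate) {
        $status = 'unknown'
        $basis  = 'no dated updates reported by Get-HotFix'
    } elseif ($LatestUpdate -ge $FixDate) {
        $status = 'probably fixed'   # date fallback (assumption, see header comment)
        $basis  = "newest update installed $($LatestUpdate.ToString('yyyy-MM-dd'))"
    } else {
        $status = 'vulnerable'
        $basis  = "newest update installed $($LatestUpdate.ToString('yyyy-MM-dd')), before $($FixDate.ToString('yyyy-MM-dd'))"
    }
    [pscustomobject]@{ Build = $build; Edition = $entry.Name; Status = $status; Basis = $basis }
}

$result = Test-Cve202449039 -BuildInfo (Get-WindowsBuildInfo) -LatestUpdate (Get-LatestUpdateDate)
$result | Format-List
if ($result.Status -eq 'vulnerable') { Write-Warning "CVE-2024-49039 fix not present on build $($result.Build)" }
```

The date fallback is deliberately reported as "probably fixed" rather than "fixed": `Get-HotFix` lists any dated update, including ones that are not the monthly cumulative update, so on a fleet you should replace the `$null` entries with the fixed UBR for each build from Microsoft's release notes and let the direct UBR comparison decide, as the script already does for Server 2016.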

I wish you good luck!

Regards
@firefly

Content-ID: 669818

Url: https://administrator.de/contentid/669818
