Malware Romcom exploits zero-day vulnerabilities in Firefox and Windows
Security researchers at ESET have discovered a serious threat that is currently being exploited in Germany and the US: a Russian hacker group is currently exploiting two new zero-day vulnerabilities in Windows to spread the "RomCom" malware.
"RomCom" (also known as Storm-0978, Tropical Scorpius, or UNC2596) is a dangerous piece of malware developed by Russian hackers that is attacking targets in Europe and North America. The malware can download additional malicious modules and execute commands on infected systems. It allows attackers to gain long-term access to compromised systems and exfiltrate data.
Affected are Firefox, the Tor browser, Thunderbird and Windows 11, Windows 10, Windows Server 2019, 2022, 2025.
Most critically, a simple visit to a compromised website is enough to cause an infection. No user interaction (such as downloads or clicks) is required.
Recommendation
Since the attackers exploit two vulnerabilities in combination, I recommend that you fix at least one vulnerability immediately. The Romcom malware can only spread if both vulnerabilities are present. Updating your Firefox version is very quick and easy. With Windows Update you should plan your timing better.
Firefox, Tor Browser, Thunderbird (the internal browser for viewing email)
Mozilla fixed the bug CVE-2024-9680 (use-after-free in animation timeline) on 9 October 2024 and released an update.
This means that all versions of Firefox for Windows that were last updated before 9 October 2024 are affected.
Firefox (and software that uses the browser internally) should therefore be at least at these versions:
- Firefox 131.0.2
- Firefox ESR 128.3.1
- Firefox ESR 115.16.1
- Tor Browser 13.5.7
- Tails 6.8.1 (a portable operating system that protects against surveillance and censorship)
- Thunderbird 115.16
- Thunderbird 128.3.1
- Thunderbird 131.0.1
See also: Behind the Scenes: Fixing an In-the-Wild Firefox Exploit
The Tor Browser and Thunderbird should also be updated to the latest version.
Windows 11, Windows 10, Windows Server 2019, 2022, 2025
Microsoft fixed the bug CVE-2024-49039 on 12 November 2024.
Here are the affected versions of Windows:
Windows 11:
- Version 24H2 (Build 10.0.26100) for x64 and ARM64
- Version 23H2 (Build 10.0.22631) for x64 and ARM64
Windows 10:
- Version 22H2 (Build 10.0.19045) for 32-bit, x64, and ARM64
- Version 1809 (Build 10.0.17763)
- Basic version (Build 10.0.10240) for 32-bit
Windows Server:
- Server 2025 (Build 10.0.26100)
- Server 2022, 23H2 Edition (Build 10.0.25398)
- Server 2019 (Build 10.0.17763)
All updates fix the Elevation of Privilege vulnerability.
The appropriate security update for your version of Windows can be downloaded here.
Alternatively, you can use the automatic update feature.
I wish you good luck!
Regards
@firefly
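The two version lists above turned into a quick host check, as an added example that is not part of the original post: it reads the installed Firefox version (assuming the default 64-bit install path in $FirefoxExe) and the Windows build from the registry, and reports whether either still needs the updates described above.

```powershell
# Added example, not from the original post: reports whether this host is
# in scope for the two bugs described above, using the version lists from
# the post. Assumes the default 64-bit Firefox install path ($FirefoxExe).

$FirefoxExe = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'

# Minimum patched Firefox version per branch (from the post).
$FirefoxMinimums = @{
    115 = [version]'115.16.1'   # Firefox ESR 115
    128 = [version]'128.3.1'    # Firefox ESR 128
    131 = [version]'131.0.2'    # release channel
}

# Windows builds the post lists as affected by CVE-2024-49039.
$AffectedWindowsBuilds = @('26100', '22631', '19045', '17763', '10240', '25398')

function Test-FirefoxPatched {
    param([Parameter(Mandatory)][version]$Installed)
    $major = $Installed.Major
    if ($FirefoxMinimums.ContainsKey($major)) {
        return $Installed -ge $FirefoxMinimums[$major]
    }
    # Branches after 131 were released with the fix; any other branch
    # predates 9 October 2024 and never received it.
    return $major -gt 131
}

if (Test-Path $FirefoxExe) {
    $raw = (Get-Item $FirefoxExe).VersionInfo.ProductVersion   # e.g. "131.0.2"
    $installed = [version]($raw -replace '[^0-9.].*$', '')    # drop any suffix
    if (Test-FirefoxPatched $installed) {
        Write-Output "Firefox $($installed) is patched against CVE-2024-9680"
    } else {
        Write-Output "Firefox $($installed) needs updating (CVE-2024-9680)"
    }
} else {
    Write-Output "Firefox not found at $FirefoxExe (check Tor Browser and Thunderbird separately)"
}

# CurrentBuild is the third component of the build numbers listed in the post.
$nt = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = $nt.CurrentBuild
if ($AffectedWindowsBuilds -contains $build) {
    Write-Output "Windows build $build ($($nt.DisplayVersion)) is in scope for CVE-2024-49039: install the 12 November 2024 update"
} else {
    Write-Output "Windows build $build is not in the post's affected list"
}
```

The Windows part only tells you whether the host is in the affected list; whether the November update is already installed has to be checked against the KB number for your build, which the post does not give.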
Content-ID: 669818
URL: https://administrator.de/contentid/669818
Printed on: 28.11.2024 at 01:11