Two Actively Abused Zero-days Addressed By Microsoft
During April's Patch Tuesday, Microsoft addressed two actively exploited zero-day vulnerabilities that the company had initially overlooked. The first, CVE-2024-26234, is a proxy driver spoofing vulnerability that was discovered by Sophos X-Ops in December 2023 and reported by Christopher Budd. The malicious driver, masquerading as "Catalog Authentication Client Service" by "Catalog Thales," was found bundled with LaiXi Android Screen Mirroring software, previously associated with marketing. Despite uncertainty about LaiXi's authenticity, Sophos believes the file functions as a malicious backdoor. Microsoft acted promptly upon receiving the report, adding the relevant files to its revocation list. The incident echoes previous discoveries by Sophos and insights shared by cybersecurity experts, confirming the exploitation of CVE-2024-26234, which is rectified in Microsoft's latest advisory update.