Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: High-Severity Path Validation Vulnerability In Kingsoft WPS Office Enables Arbitrary Code Execution, Patch Immediately!
Image
Published : 19/08/2024
Reference:
Advisory #2024-205
Version:
1.0
Affected software:
Kingsoft WPS Office ranging from 12.2.0.13110 to 12.2.0.13489
Type:
Improper Path Validation
CVE/CVSS:
CVE-2024-7262 :CVSS 7.8(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Sources
Tenable: https://www.tenable.com/cve/CVE-2024-7262
Risks
The vulnerability has a high risk due to the potential for arbitrary code execution through the loading of malicious libraries. This risk is exacerbated by the fact that it has been weaponized as a single-click exploit, making it easier for attackers to exploit.
According to Cybersecurity News, ESET observed malicious actors distributing deceptive spreadsheet documents designed to trigger the exploit, which makes this actively exploited in the wild.
Furthermore, the vulnerability has a high impact on confidentiality, integrity, and availability.
Description
This vulnerability involves improper path validation in the promecefpluginhost.exe of Kingsoft WPS Office, allowing an attacker to load an arbitrary Windows library.
Exploitation vector:
- The attacker crafts a malicious spreadsheet document embedded with a payload.
- The attacker distributes this document to the target.
- When the target opens the document in Kingsoft WPS Office, the promecefpluginhost.exe improperly validates the file path and loads the malicious library, executing the attacker's code.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2024-7262
Feedly: https://feedly.com/cve/CVE-2024-7262
Cybersecurity News: https://securityonline.info/wps-office-vulnerabilities-expose-200-million-users-cve-2024-7262-exploited-in-the-wild/