The Download
CISA added a two-year-old Windows bug to its Known Exploited Vulnerabilities (KEV) list, directing federal agencies to patch the bug within three weeks. The vulnerability, CVE-2022-38028 (CVSS 7.8), has been publicly disclosed since 2022. However, the bug is now weaponized and actively exploited by Russian actor APT28 in governmental, non-profit and transportation organizations.
As part of the exploit, APT28 drops a tool dubbed GooseEgg to launch other system-level applications that can provide remote access.
What You Can Do
Anytime CISA adds a vulnerability to the KEV list, it is a good idea to follow its directive to immediately scan for that vulnerability in your environment and patch. Because this vulnerability is being actively exploited, time is of the essence.
To Learn More: