Global Supply Chain Cyberattack Exploits Decade-Old Windows Bug with North Korean Links.

TL;DR Summary
A 10-year-old Windows vulnerability, CVE-2013-3900, is still being exploited in supply chain attacks to make executables appear legitimately signed, and Microsoft's fix is still "opt-in" after all these years. The vulnerability allows content to be added to the Authenticode signature section of a signed EXE without invalidating the signature. The fix can only be enabled by manually editing the Windows Registry, and it is removed after upgrading to Windows 11, making the device vulnerable again. The flaw has been used in recent attacks, and it should be fixed, even if that inconveniences developers.
- 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (BleepingComputer)
- Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack (Ars Technica)
- North Korean hackers targeting phone conferencing software, security firm says (NK PRO)
- 3CX Supply Chain Attack: Here's What We Know So Far (The Hacker News)
- Supply chain cyberattack with possible links to North Korea could have thousands of victims globally (CyberScoop)
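
A defender-side check for the condition the summary describes, as an added example that is not from the article or from Microsoft: it parses a PE file's Authenticode certificate entry and reports any bytes stored after the end of the PKCS#7 signature blob. The function names, the 7-byte alignment tolerance and the sample bytes are assumptions made for this example; it inspects only the first certificate entry and does not validate the signature itself.

```python
import struct

def der_length(blob):
    """Total size in bytes of the DER SEQUENCE that starts at blob[0]."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("signature blob is not a DER SEQUENCE")
    if blob[1] < 0x80:                       # short form: one length byte
        return 2 + blob[1]
    n = blob[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(blob) < 2 + n:
        raise ValueError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def authenticode_trailing_bytes(pe):
    """Bytes stored after the PKCS#7 blob in the first WIN_CERTIFICATE; None if unsigned."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                                          # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]            # PE32 / PE32+ data directories
    sec_off, sec_size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: file offset, size
    if sec_off == 0 or sec_size == 0:
        return None
    dw_length = struct.unpack_from("<I", pe, sec_off)[0]   # WIN_CERTIFICATE.dwLength
    cert = pe[sec_off + 8:sec_off + dw_length]             # skip the 8-byte header
    return cert[der_length(cert):]

def is_suspicious(pe):
    """True if more than alignment padding (up to 7 zero bytes) follows the signature."""
    extra = authenticode_trailing_bytes(pe)
    return extra is not None and (len(extra) > 7 or any(extra))

def constructed_sample(extra=b""):
    """Constructed input: PE32+ header skeleton with a fake 260-byte DER blob, not a real signed file."""
    cert = b"\x30\x82\x01\x00" + b"\xAA" * 256 + extra
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x20B)
    struct.pack_into("<II", hdr, 0x80 + 24 + 112 + 32, 0x200, 8 + len(cert))
    return bytes(hdr) + struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert
```

Some legitimately signed installers also carry data in this area, so a hit is a reason to inspect the file rather than a verdict.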