"CISA confirmed shortly after Microsoft rolled out 165 patches on April 14 that CVE-2009-0238 (9.3), first published on February 24, 2009, was being abused in active attacks."
"An attacker who successfully exploited these vulnerabilities could take complete control of an affected system, allowing them to install programs, view, change, or delete data."
"CISA did not reveal much about how the Excel vulnerability is being exploited, nor by whom or for what purpose, as is often the case with its KEV publications."
CISA alerted about a critical Excel vulnerability, CVE-2009-0238, which is being actively exploited. This flaw, first identified in 2009, allows remote code execution when victims open a specially crafted Excel document. CISA added it to its Known Exploited Vulnerability catalog and set a two-week patch deadline for federal agencies. Microsoft had previously issued a fix and warned that successful exploitation could give attackers complete control over affected systems, allowing them to install programs and manipulate data.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]