Microsoft's cybersecurity defenses were easily broken by Black Basta on zero-day

The gang exploited the CVE-2024-26169 which allows system privilege.

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Microsoft Black Basta

In the cybersecurity realm, it sometimes appears like a game of cat and mouse is being played. The Black Basta ransomware gang seems to have cleverly outwitted Microsoft using an uncorrected weakness in the Windows Error Reporting Service (CVE-2024-26169).

This flaw provided an opportunity for attackers to enhance their privileges up to the SYSTEM level, meaning they could potentially obtain control over everything within this system. Microsoft put a stopper on this gap during March, but not before Black Basta enjoyed themselves with it.

The Symantec hunters have assembled clues that imply the exploit was utilized in nature as a zero-day, which means it is a weakness that was exploited prior to the vendor releasing a patch.

The exploit takes advantage of an oddity in how Windows manages registry keys, which gives attackers full administrative rights. The interesting part is the timing: Symantec discovered versions of this exploit that have timestamps prior to Microsoft’s patch – one even going back to December 2023.

While times can change, the absence of will to adjust in this situation supports the idea that Black Basta was early on with it.

It’s not a single vulnerability story. This is just the beginning, an introduction to modern ransomware gangs’ clever strategies. Black Basta may have a connection with the well-known Conti group, and their skill in using zero days shows how the danger continues to change.

Windows encourages organizations to apply the most recent security updates and follow the guidance of cybersecurity agencies like CISA to protect against these types of threats.

But what does this mean for us users? It’s a clear message that we need to keep our systems updated. Sometimes, it’s tempting to ignore those annoying notifications about updates, but as the Black Basta campaign shows us, being too relaxed can come with a high price.

Therefore, when you encounter this update notification in the future, perhaps reconsider before choosing “remind me later.” Ultimately, during this era of technological advancement and digital life, we all must fulfill the duty of avoiding harmful entities.

In other news, Microsoft fixed 51 CVEs with this month’s Patch Tuesday updates, so you should update your Windows 11 to the latest version as soon as possible.

More about the topics: Cybersecurity, microsoft