Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. The vulnerability Redmond acknowledged is described as a proxy driver spoofing vulnerability in Windows. This was reported to Redmond by Christopher Budd of Sophos and is rated 6.7 out of 10 on the CVSS severity scale. Microsoft initially listed it as non-exploited, then during the day upgraded that to exploited.

In brief, it appears an innocent-looking executable digitally signed by a vendor's valid Microsoft Hardware Publisher Certificate actually contained a backdoor that uses an embedded proxy server to monitor and intercept network traffic on an infected Windows machine. It appears someone was able to take that program, sign it using the publisher cert so that the operating system trusted it, then bundle it with marketing/spam software designed to remote-control phones to make them act like online bots, collectively liking posts, following people on social media, and posting comments. Running the program would introduce the backdoor on the victim's PC. Now, according to Sophos, Microsoft has revoked the software's certification and assigned the issue CVE-2024-26234.

According to Redmond, that was the only security hole exploited in the wild addressed in its Patch Tuesday for April. But we're told that isn't quite right.

in the wild before Microsoft issued a patch this wee

