‘Attackers Targeting Windows Users’: Cybersecurity Alerts and CISA Advisory on Software Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a flaw in Microsoft’s Windows 10 software to its roster of security vulnerabilities that are currently being exploited.
CISA highlighted that “Microsoft COM for Windows has a vulnerability involving the deserialization of untrusted data, enabling privilege escalation and remote code execution.” This was included in the agency’s Known Exploited Vulnerability Catalog on Monday.
Users are advised to stop using the affected software or apply a patch provided by Windows.
Although CISA is unaware whether this vulnerability, identified as CVE-2018-0824, has been leveraged in any ransomware attacks, a report from Cisco Talos published Thursday suggested that a Chinese hacking group exploited this vulnerability during an intrusion into a Taiwanese government research facility. The report indicated that the facility was “likely compromised.”
Another Organization Issues Alert for Windows Users
CISA wasn’t the only entity alerting Windows users on Monday.
The enterprise tech news site The Register reported that “criminals are once again targeting Windows users, this time attempting to deploy a keylogger that can steal user credentials and capture screenshots.”
The Register noted that FortiGuard Labs, a cybersecurity analysis firm, observed a rise in malware attacks linked to SnakeKeylogger, which is notorious for stealing login information and recording keystrokes on compromised systems.
This keylogger was initially available via subscription on Russian cybercrime forums and became a significant threat by 2020, according to The Register.
According to cybersecurity firm Check Point Research in 2022, this malware “is usually disseminated through emails that contain docx or xlsx files with harmful macros,” as well as PDF files.
These warnings follow the “CrowdStrike outage” in July, in which a faulty software update rendered Windows devices inoperable for several hours.