10-year-old Windows bug with opt-in fix exploited in 3CX attack


A 10-year-old Windows flaw is still being exploited in attacks to trick users into believing executables are authentically signed, and Microsoft's patch for it is still "opt-in". Even worse, the fix is no longer in place after updating to Windows 11. According to news reports, trojanized versions of the Windows desktop application of VoIP communications company 3CX were distributed in a massive supply chain attack on Wednesday night.

As part of this supply chain attack, two DLLs used by the Windows desktop application were replaced with malicious versions that download further malware, such as an information-stealing trojan, to computers.
