Microsoft security bypass bug is said to be under active exploitation

Patch Tuesday: Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged that one of those vulnerabilities is being actively exploited, we've been told that another hole is also under attack.

The bug that the IT giant said was being exploited in the wild is CVE-2024-26234, which is described as a rogue proxy driver vulnerability in Windows. It was reported to Redmond by Christopher Budd of Sophos and is rated 6.7 out of 10 on the CVSS scale. Microsoft first listed it as not exploited and then, during the day, changed its status to exploited.

Sophos has published an article on the issue, which expands on research published by infosec outfit Stairwell in January.

In short, it appears that an innocent-looking executable digitally signed by a vendor's valid Microsoft Hardware Publisher certificate actually contained a backdoor that uses an embedded proxy server to monitor and intercept network traffic on an infected Windows machine.
