😈 S2W's Threat Intelligence Center, TALON, has released a detailed analysis report on the discovery of a zero-day vulnerability related to the North Korea-based threat group APT37.
✅ Report Title:
Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine
✅ Executive Summary:
1️⃣ Vulnerability Overview:
On August 13, 2024, Microsoft patched CVE-2024-38178, a vulnerability within JScript9.dll, as part of the August Patch Tuesday.
2️⃣ Vulnerability Cause:
CVE-2024-38178 is a type confusion vulnerability caused by the JIT engine in JScript9.dll performing incorrect optimizations on variables initialized with the usual arithmetic conversion exception operator. The flaw can be used to bypass the CVE-2022-41128 patch released in November 2022.
3️⃣ Related threat groups and attacks:
In June 2024, APT37 (ScarCruft), a North Korea-based threat group, exploited this vulnerability in an in-the-wild attack against specific organizations in South Korea.
4️⃣ Countermeasures:
Vendors should pay special attention to versioning and vulnerability response for key modules used by legacy engines, as it is difficult for users to respond to exploits targeting software that uses outdated Windows libraries.
You can check the detailed insights in our report at the link below.
✅ Report Authors:
S2W TALON Analysts Hosu Choi, Minyeop Choi
👉 Full Report: https://bit.ly/4fbaHtD