Identification of the critical arbitrary code execution bugs, tracked as CVE-2024-4879 and CVE-2024-5217, as well as the medium severity flaw, tracked as CVE-2024-5178, has been followed by widespread network scanning for vulnerable instances.
Even though there has been no clear evidence indicating ongoing active exploitation of CVE-2012-4792, the vulnerability, which could enable remote execution of arbitrary code, had been leveraged in watering hole attacks deployed against Capstone Turbine Corporation and the Council on Foreign Relations almost 12 years ago.
While IPC Template Instances delivered to the Falcon sensor via Rapid Response Content updates between March and April were thoroughly examined by CrowdStrike's Content Validator, one of the two other IPC Template Instances deployed last week to identify Named Pipes exploitation was not flagged as problematic because of the flaw.