minor fix (#969)

* minor fix * 0240904002 * Update 20240904002 Slight rewording. Changed recommendation to 48 hours. --------- Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>
wagov · Sep 4, 2024 · 66eadd4 · 66eadd4
1 parent daa9da4
commit 66eadd4
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/docs/advisories/20240904002-WinRAR-Active-Exploitation.md b/docs/advisories/20240904002-WinRAR-Active-Exploitation.md
@@ -0,0 +1,27 @@
+# WinRAR Vulnerability Active Exploitation - 20240904002
+
+## Overview
+
+The WA SOC has been made aware of active exploitation in the wild against WinRAR products allowing an attacker to execute arbitrary code on the system via a specially prepared archive.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
+| ------------------- | ---------- | --- | ---- | -------- |
+| WinRAR | < 6.23 | [CVE-2023-38831](https://nvd.nist.gov/vuln/detail/CVE-2023-38831) | 7.8 | High |
+
+
+## What has been observed?
+
+However, Proof of Concept (PoC) is made available, and there are reports of active exploitation in the wild.
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- Vendor page: <https://www.win-rar.com/download.html>
+
+## Additional References
+
+- TheHackerNews article: <https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html>
diff --git a/utilities/tools/AD-Hoc-Threat-Hunting-Activities-WASOCv1.0.json b/utilities/tools/AD-Hoc-Threat-Hunting-Activities-WASOCv1.0.json
diff --git a/utilities/tools/Rapid-IOC-Search-Workbook-WASOCv1.0.json b/utilities/tools/Rapid-IOC-Search-Workbook-WASOCv1.0.json