CVE-2022-24934: WPS Office remote code execution vulnerability alert

According to a security report released by Czech security software Avast, a hacker group used the update program vulnerability of Kingsoft WPS office software to launch an attack. The CVE-2022-24934 vulnerability was discovered on February 10, 2022. According to the security company’s instructions, the vulnerability has been fixed and users need to upgrade to the latest version as soon as possible. Hackers modify the registry to exploit this vulnerability to achieve persistence and control the update process, and it is a zero-day vulnerability because the vulnerability was exploited before it was fixed.

The vulnerability number is CVE-2022-24934, and the WPS update program that contains the vulnerability is called wpsupdate.exe. According to the instructions, versions below 11.2.0.10382 should be affected by the vulnerability, but the latest version downloaded by my team is version 11.1.0.11369, which is lower than the target version. In addition, there is no security announcement on the official website, so it is not clear what is going on at the moment, but it is recommended that users of the old version check and upgrade to the new version immediately.

For questions about versions and security vulnerabilities, it is recommended that corporate customers contact Kingsoft directly to ensure that the versions installed on the company’s intranet are not affected by the vulnerabilities.