
Patch Tuesday May 2024 Edition by Krebs on Security


In a recent development, Microsoft has rolled out updates to address more than 60 security vulnerabilities in Windows computers and related software. Among these updates are patches for two critical “zero-day” vulnerabilities in Windows that are currently being actively exploited. These updates also cover crucial security fixes for macOS, Adobe products, and the Chrome web browser, which has recently patched its own zero-day vulnerability.

One of the zero-day vulnerabilities, identified as CVE-2024-30051, is classified as an “elevation of privilege” flaw in a core Windows library. According to Tenable’s Satnam Narang, this vulnerability is being leveraged in post-compromise activities to elevate privileges for local attackers. The exploitation of CVE-2024-30051 involves the use of social engineering tactics through email, social media, or instant messaging to trick a target into opening a specially crafted document file. Once compromised, attackers can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect users from malicious files.

Another zero-day vulnerability, CVE-2024-30040, involves a security feature bypass in MSHTML, a component closely integrated with the default Web browser on Windows systems. Although Microsoft’s advisory on this flaw lacks detailed information, Kevin Breen from Immersive Labs highlighted that this vulnerability also impacts Office 365 and Microsoft Office applications.

Kaspersky Lab, one of the companies credited with reporting the exploitation of CVE-2024-30040 to Microsoft, detailed how they uncovered the exploit in a shared file on Virustotal.com. The exploit associated with this vulnerability has been observed in conjunction with QakBot and other malware strains. Originally emerging as a banking trojan in 2007, QakBot has evolved into a sophisticated malware variant utilized by multiple cybercriminal groups to prepare compromised networks for ransomware attacks.

The only flaw addressed with Microsoft’s highest severity rating this month is CVE-2024-30044, a vulnerability in SharePoint that Microsoft deems likely to be exploited. Despite this assessment, Narang points out that exploiting this flaw requires the attacker to be authenticated to a vulnerable SharePoint Server with specific permissions, reducing the likelihood of widespread exploitation.

Furthermore, Google recently released a security update for Chrome to address a zero-day vulnerability in the browser. Users of Chrome should be mindful of any “Relaunch to update” messages and restart their browsers to apply the necessary patches. Apple has also rolled out the macOS Sonoma 14.5 update with nearly twenty security fixes, while Adobe has critical security patches available for various products, including Acrobat, Reader, Illustrator, and more.

Regardless of the operating system being used, it is advisable to back up data or systems before applying any security updates. For detailed information on the specific fixes released by Microsoft, the SANS Internet Storm Center provides a comprehensive list. Additionally, enterprise administrators maintaining Windows systems are encouraged to stay informed through platforms like askwoody.com, which often provides insights into Windows patch updates.
