Microsoft Corp. has taken action today to address a significant number of security vulnerabilities across various Microsoft products, including at least 139 security holes in different versions of Windows. Redmond has highlighted that attackers are currently taking advantage of two of these vulnerabilities in active attacks against Windows users.
The first zero-day vulnerability identified by Microsoft this month is CVE-2024-38080, a bug found in the Windows Hyper-V component that impacts Windows 11 and Windows Server 2022 systems. This vulnerability allows attackers to enhance their account privileges on a Windows machine. Despite Microsoft acknowledging that this vulnerability is being exploited, detailed information about the exploitation remains scarce.
Another zero-day vulnerability, CVE-2024-38112, has been discovered in MSHTML, the proprietary engine of Microsoft’s Internet Explorer web browser. Kevin Breen, a senior director of threat research at Immersive Labs, has noted that exploiting CVE-2024-38112 likely requires the use of an “attack chain” involving exploits or programmatic changes on the target host. Breen emphasized the importance of prioritizing the patching of this vulnerability due to active exploitation in the wild.
Satnam Narang, a senior staff research engineer at Tenable, has drawn attention to CVE-2024-38021, a remote code execution flaw in Microsoft Office. Exploiting this vulnerability could lead to the disclosure of NTLM hashes, which can be utilized as part of an NTLM relay or “pass the hash” attack. Morphisec, the security firm credited with reporting CVE-2024-38021 to Microsoft, has disagreed with Microsoft’s severity rating for this Office flaw and advocated for a more critical rating based on the ease of exploitation.
In the realm of local network vulnerabilities, Automox flagged CVE-2024-38053, a security weakness in Windows Layer Two Bridge Network, as a priority for patching. This local network vulnerability poses risks in shared office environments, hotels, and other locations where unknown computers share the same physical link.
Additionally, Automox highlighted three vulnerabilities in Windows Remote Desktop related to Client Access Licenses allocation. These vulnerabilities, CVE-2024-38077, CVE-2024-38074, and CVE-2024-38076, have high CVSS scores due to the potential for malicious packets to trigger the vulnerabilities.
Tyler Reguly at Forta highlighted the End of Support date for SQL Server 2014, cautioning that many instances are still publicly available. With more than a quarter of vulnerabilities addressed by Microsoft this month affecting SQL Server, organizations are urged to update promptly to supported versions.
It is advisable for Windows users to remain vigilant about installing security updates from Microsoft to mitigate potential risks. However, it is also recommended to wait a day or two before updating to ensure the patches are stable. Backing up data and imaging Windows drives before applying updates is a prudent precautionary measure.
For a comprehensive breakdown of the vulnerabilities addressed by Microsoft in this update, the SANS Internet Storm Center provides a detailed list. Administrators responsible for managing large Windows environments are encouraged to monitor Askwoody.com for insights on potential issues arising from specific Microsoft updates.
In case users encounter any difficulties while applying updates, sharing their experiences in the comments section can help create a supportive community where solutions can be shared among users experiencing similar issues.