Microsoft has released patches as part of its monthly security updates to address a total of 143 security flaws, two of which are under active exploitation in the wild.
Of the 143 flaws, 5 are rated Critical, 136 are rated Important, and 4 are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that were addressed in the Chromium-based Edge browser.
The two security vulnerabilities under active exploitation are listed below:
- CVE-2024-38080 (CVSS score: 7.8) – Windows Hyper-V Elevation of Privilege Vulnerability
- CVE-2024-38112 (CVSS score: 7.5) – Windows MSHTML Platform Spoofing Vulnerability
“Successful exploitation of this vulnerability requires the attacker to take additional actions prior to exploitation to prepare the target environment,” Microsoft said, citing CVE-2024-38112. “An attacker must send a malicious file to the victim which the victim must execute.”
Check Point security researcher Haifei Li, who is credited with discovering and reporting the flaw in May 2024, said that threat actors are taking advantage of specially crafted Windows Internet Shortcut files (.URL) that, when clicked, redirect victims to a malicious URL by invoking the retired Internet Explorer (IE) browser.

“An additional trick on IE is used to hide the malicious .HTA extension name,” Li explained. “By opening the URL with IE instead of the modern and more secure Chrome/Edge browser on Windows, the attacker gained a significant advantage in exploiting the victim’s computer, even though the computer is running a modern Windows 10/11 operating system.”
“CVE-2024-38080 is an elevation of privilege flaw in Windows Hyper-V,” said Satnam Narang, senior staff research engineer at Tenable. “A local, authenticated attacker could exploit this vulnerability to escalate privileges to the system level after initial compromise of the targeted system.”
While the exact timing of the exploitation of CVE-2024-38080 is unknown at this time, Narang said it is the first of 44 Hyper-V flaws to come under exploitation in the wild since 2022.
Two other security flaws patched by Microsoft were listed as publicly known at the time of release. These include a side-channel attack called FetchBench (CVE-2024-37985, CVSS score: 5.9) that could allow an adversary to view heap memory from a privileged process running on an Arm-based system.
The second publicly disclosed vulnerability is CVE-2024-35264 (CVSS score: 8.1), a remote code execution bug affecting .NET and Visual Studio.
“An attacker could exploit this by shutting down the HTTP/3 stream while the request body is being processed, causing a race condition,” Redmond noted in an advisory. “This may result in remote code execution.”
Also resolved as part of the Patch Tuesday updates are 37 remote code execution vulnerabilities affecting the SQL Server Native Client OLE DB Provider, 20 Secure Boot security feature bypass vulnerabilities, 3 PowerShell privilege escalation bugs, and a spoofing vulnerability in the RADIUS protocol (CVE-2024-3596, aka BlastRADIUS).
“(The SQL Server flaws) specifically affect the OLE DB provider, so not only will the SQL Server instance need to be updated, but client code running vulnerable versions of the connection driver will also need to be addressed,” said Greg Wiseman, Rapid7’s lead product manager.
“For example, an attacker could use social engineering tactics to trick an authenticated user into attempting to connect to a SQL Server database configured to return malicious data, thereby allowing arbitrary code execution on the client.”
Rounding out the long list of patches is CVE-2024-38021 (CVSS score: 8.8), a remote code execution flaw in Microsoft Office that, if successfully exploited, could allow an attacker to gain high privileges, including read, write, and delete capabilities.
Morphisec, which reported the flaw to Microsoft in late April 2024, said the vulnerability does not require any authentication and poses a severe risk due to its zero-click nature.
“Attackers could exploit this vulnerability to gain unauthorized access, execute arbitrary code, and cause substantial damage without any user interaction,” Michael Gorelik noted. “The absence of authentication requirements makes it particularly dangerous, as it opens the door to widespread exploitation.”

The development comes as Microsoft announced that it will begin issuing CVE identifiers for cloud-related security vulnerabilities going forward in an effort to improve transparency.
Software patches from other vendors
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to address several vulnerabilities, including –