Patchday Microsoft: Internet Explorer component enables attacks
Microsoft has released important security patches for Azure, Exchange Server and Windows, among others. Attacks are already underway.
Updates are available.
(Image: Created with AI in Bing Designer by heise online / dmk)
Attackers are currently exploiting two security vulnerabilities in Windows. Further vulnerabilities are publicly known, so additional attacks may be imminent. Admins should ensure that Windows Update is active and the latest patches are installed.
Internet Explorer may be history, but the browser's HTML rendering engine, MSHTML, is still active in Windows. It contains a vulnerability (CVE-2024-43451, risk "medium") that attackers are currently exploiting. However, Microsoft's advisory does not indicate the extent of the attacks or how they can be detected.
The exploited vulnerabilities
In the course of the attacks, the attackers foist crafted files on victims. A single click on such a file is said to be enough to initiate the attack. Attackers can then capture NTLMv2 hashes, which they can use to authenticate themselves elsewhere. Current and older Windows desktop and Windows Server versions are affected.
The second exploited vulnerability (CVE-2024-49039, "high") affects the Windows Task Scheduler. According to an article, attacks are only possible if attackers are already authenticated and can start a crafted application. If this is the case, the attacker can break out of an app container and execute code with possibly elevated rights (medium integrity level).
Further dangers
Four further vulnerabilities are publicly known, and attacks on them could be imminent. A "critical" vulnerability (CVE-2024-43498) affects .NET and Visual Studio. There, remote attackers can inject and execute malicious code without authentication by sending special requests to vulnerable instances.
There could also be attacks on Exchange Server (CVE-2024-49040, "medium"), Defender (CVE-2024-5535, "critical") and Active Directory (CVE-2024-49019, "high"). Among other things, attackers can gain higher user rights here.
Microsoft has also closed several gaps in Excel, SQL Server and various Windows components. Further information on the vulnerabilities and repaired versions can be found in Microsoft's Security Update Guide.
(des)