Patchday: Attackers attack Windows and gain system rights
Microsoft has released important security updates for Hyper-V, Office, Share Point and Windows, among others. One vulnerability is already being exploited.
Updates are available.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Due to ongoing attacks on current Windows desktop and Windows server versions, admins should ensure that Windows Update is active and the latest security patches are installed. The developers have also closed several gaps that can be used to get malicious code onto systems.
Vulnerability actively exploited
According to a warning message, the currently exploited vulnerability (CVE-2024-49138, risk"high") affects various Windows 10 and Windows 11 editions. Windows Server is threatened in several versions such as 2008 and 2022. If attacks are successful, attackers gain higher user rights.
Videos by heise
In this case, according to Microsoft, these are system rights. In such a position, attackers can usually cause far-reaching damage. Such attacks are often combined with other vulnerabilities in order to execute malicious code, for example. Microsoft is not currently specifying how the attacks are carried out. It also remains unclear to what extent the attacks take place.
Further dangers
A"critical" malicious code vulnerability (CVE-2024-49112) affects current Windows and Windows Server versions. It is located in the Lightweight Directory Access Protocol (LDAP). Further information on the course of attacks or how admins can detect computers that have already been attacked is not yet available. If admins are unable to install this security update immediately, Microsoft recommends disconnecting domain controllers from the Internet.
Other malware vulnerabilities affect various Windows components such as Remote Desktop Services. Hyper-V can also be infected with malicious code. These vulnerabilities are classified as"high" threat level. Office is also susceptible to malicious code attacks. In addition, attackers can intercept and extract information without authorization.
Further information on the vulnerabilities closed on this December patchday and the Microsoft software at risk can be found in the Security Update Guide.
On the November patch day, Microsoft also had to patch security vulnerabilities that had already been actively attacked.
(des)
