Patchday Microsoft: Older security updates exploited in new vulnerability

Microsoft has closed vulnerabilities in Azure, SharePoint and Windows, among others. Some gaps are considered critical.


Attackers are currently targeting four vulnerabilities in Publisher and Windows. In the worst case scenario, malicious code can get onto systems and completely compromise PCs. Security patches are available for download via Windows Update. As a rule, the service is set by default to install updates automatically.

One of the attacked vulnerabilities (CVE-2024-43491) is classified as "critical" and affects certain versions of Windows 10 32-bit and 64-bit. Accordingly, Windows 10 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) with security updates from March of this year installed is vulnerable. Microsoft provides further information in a post.

The vulnerability affects the Servicing Stack and removes the protection of certain older security patches for optional components such as XPS Viewer. As a result, attackers can re-exploit the vulnerabilities and attack systems.

The second vulnerability exploited by attackers (CVE-2024-38217, "medium") concerns the Mark of the Web protection mechanism. This mechanism marks files downloaded from the Internet as potentially dangerous. Attackers can bypass it and thus infect victims with a file containing malicious code. In addition to Windows 10 and 11, several Windows Server editions are also at risk.

This is also the case with the third attacked vulnerability (CVE-2024-38014, "high"). Through it, attackers can gain system rights. How such attacks work in detail is currently unknown.

The fourth vulnerability attacked (CVE-2024-38226, "high") affects Microsoft Publisher. Attackers bypass the function for blocking macros in Office documents. This allows them to circulate crafted documents that execute malicious code via the macro function. The extent of the attacks described is currently unknown.

Microsoft has also closed gaps in AllJoyn, Azure, Dynamics 365, SharePoint and SQL Server, among others. Attackers can use these vulnerabilities to execute malicious code or gain higher user rights.

Further information on all the gaps closed on this patchday can be found in Microsoft's Security Update Guide.
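For defenders who want to see what the Mark of the Web mentioned above looks like on disk: on NTFS it is stored in an alternate data stream named Zone.Identifier. The following is an added example, not code from the article or from Microsoft; it parses that stream's text and sorts files into review categories. The function names, category labels and sample contents are constructed for illustration.

```python
# Added example: interpret a file's Mark of the Web (Zone.Identifier stream).
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_zone_identifier(text):
    """Parse stream text; return a dict, or None if no valid ZoneId exists."""
    section, fields = None, {}
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "zonetransfer" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    try:
        zone_id = int(fields["zoneid"])
    except (KeyError, ValueError):
        return None
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": fields.get("hosturl"),
            "referrer_url": fields.get("referrerurl")}

def triage(stream_text):
    """Classify a file from its stream text (None means no stream present)."""
    if stream_text is None:
        return "no-mark"
    info = parse_zone_identifier(stream_text)
    if info is None:
        return "malformed-mark"
    return "untrusted" if info["zone_id"] >= 3 else "trusted-zone"

def read_mark(path):
    """Read the stream on Windows/NTFS; None if absent or unsupported."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None

# Constructed sample stream contents (not taken from real files).
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "HostUrl=https://downloads.example.test/invoice.zip\r\n")
SAMPLE_INTRANET = "[ZoneTransfer]\nZoneId=1\n"
SAMPLE_BROKEN = "[ZoneTransfer]\nZoneId=\n"

if __name__ == "__main__":
    for name, text in [("internet", SAMPLE_INTERNET), ("intranet", SAMPLE_INTRANET),
                       ("broken", SAMPLE_BROKEN), ("unmarked", None)]:
        print(name, triage(text))
```

A "no-mark" or "malformed-mark" result on a file that is known to have arrived from the Internet is worth a closer look, because protections that depend on the mark will not apply to it.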

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.