Patchday: Attackers target Windows and gain SYSTEM privileges
Microsoft has released important security updates for Edge, Dynamics 365 and Windows, among others. Attacks are already underway.
Admins should ensure that Windows Update is active and the latest security patches are installed. Attackers are currently targeting two security vulnerabilities in Windows. Further attacks may be imminent.
Patch now!
The first exploited vulnerability (CVE-2024-30051, "high") affects the Windows DWM Core Library. In addition to Windows 10 and 11, several Windows Server editions are also at risk. Details of the attacks are currently unknown. Microsoft states that the attack complexity is low and that no victim interaction is required for a successful attack.
If an attack succeeds, attackers acquire SYSTEM privileges. From that position, attackers usually expand their access and, for example, install ransomware. According to security researchers from Kaspersky, attacks from the QakBot botnet are tailored to this vulnerability.
The second vulnerability currently being targeted by attackers (CVE-2024-30040, "high") affects the MSHTML platform in Windows. The vulnerability lies in OLE, Microsoft's object system, and allows attackers to bypass a protection mechanism. As a result, attackers can misuse the OLE functionality to introduce malicious code onto systems. To do this, however, a victim must open a prepared document.
A vulnerability in Visual Studio (CVE-2024-30046, "medium") is publicly known, so attacks may be imminent. DoS attacks are possible via this vulnerability.
Further software vulnerabilities
There are also important security patches for Bing, Dynamics 365, SharePoint Server and other Windows components, among others. The majority of these vulnerabilities are rated as a "high" threat level.
If attacks are successful, attackers can gain higher user rights or even execute malicious code. Microsoft has compiled further details on the vulnerabilities in the Security Update Guide.
(des)