Patchday Microsoft: Attackers attack Office and Windows with malicious code

Important security updates have been released for various Microsoft products. Due to ongoing attacks, admins should act quickly.


Attackers are currently targeting Office and various versions of Windows and Windows Server. In some cases, malicious code can get onto computers and compromise systems. Security patches are available via a Windows update. They are usually installed automatically. However, due to the attacks, admins should urgently check the patch status.

Attackers are currently exploiting a total of six software vulnerabilities. One of these (CVE-2024-38189, "high") affects Office LTSC 2021, Project 2016, 365 Apps for Enterprise and Office 2019 in the 32- and 64-bit versions.

For an attack to be successful, however, a victim must open an Office Project file prepared with macros. In addition, the protection function that prohibits macros in documents downloaded from the Internet must be deactivated. If this is the case and a victim opens a file sent by e-mail, for example, malicious code is transferred to PCs. Attackers should not be able to launch attacks via the preview function.

The other exploited vulnerabilities affect various Windows and Windows Server versions. These include Windows 11 22H2. In one case (CVE-2024-38178, "high"), attackers must trick victims into running Edge in Internet Explorer mode. If this is the case, they then plant a crafted link in the victim's browser. Clicking on it leads to a memory error in the scripting engine component and malicious code is executed.

According to security researchers at Trend Micro, attackers have been exploiting a vulnerability (CVE-2024-328213, "medium") to bypass the SmartScreen protection function since March of this year. The researchers state that Microsoft already closed the gap in June, but has only now published the warning message.

Four other vulnerabilities (CVE-2024-38200, "high"; CVE-2024-38199, "critical"; CVE-2024-21302, "medium"; CVE-2024-38202, "high") in various Windows components are publicly known and attacks may be imminent. Attackers can use these vulnerabilities to gain higher user rights, among other things.

Microsoft lists information on the remaining closed vulnerabilities in the Security Update Guide.

On Patchday in August, Microsoft also resolved a printer problem with 365 Defender that was caused by server updates from July. The developers also fixed a bug that could cause PCs to start in BitLocker recovery mode.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.