Patchday Microsoft: Attackers attack Windows 11 via Hyper-V

Important security updates close vulnerabilities in Azure, Defender for IoT and Windows, among others. In total, Microsoft has closed over 130 security vulnerabilities in its products. If attacks are successful, attackers can gain higher user rights or even execute malicious code. Two Windows vulnerabilities are currently being actively exploited.

Beware of attacks!

One exploited vulnerability (CVE-2024-38080 "high") affects the Hyper-V virtualization technology under Windows 11 and Windows Server 2022. For an attack to be successful, users must already have low privileges. If this is the case, they can gain system rights in an unspecified way. In such a position, attackers have a high probability of completely compromising computers. The extent of the attacks is currently unknown.

The second exploited vulnerability (CVE-2024-38112 "high") affects the HTML rendering engine MSHTML. This is a spoofing attack. Microsoft does not currently specify what attackers can do after a successful attack. However, exploitation is not possible without further ado and attackers have to foist a manipulated file on victims, which they then open. In addition to Windows 11, Windows 10 and various server editions are also affected.

Further dangers

Two vulnerabilities are publicly known and attacks could be imminent. Attackers can view memory areas under Windows 11 (CVE-2024-37985 "medium") or execute malicious code in the context of Visual Studio (CVE-2024-35264 "high").

Attacks on Azure Network Watcher, PowerShell and SQL Server Native Client are also conceivable. Attackers can execute their own code at these points, among other things.

Microsoft provides further information on the vulnerabilities closed on this patchday and the threatened software in the Security Update Guide. Errors appearing in the update preview, such as the disappearance of the taskbar and reboots, have now been resolved.

(des)