[ad_1]
Microsoft Corp. at present pushed software program updates to plug greater than 70 safety holes in its Home windows working methods and associated merchandise, together with two zero-day vulnerabilities which might be already being exploited in energetic assaults.
High of the heap on this Fats Patch Tuesday is CVE-2024-21412, a “safety function bypass” in the way in which Home windows handles Web Shortcut Recordsdata that Microsoft says is being focused in energetic exploits. Redmond’s advisory for this bug says an attacker would want to persuade or trick a consumer into opening a malicious shortcut file.
Researchers at Development Micro have tied the continuing exploitation of CVE-2024-21412 to a complicated persistent risk group dubbed “Water Hydra,” which they are saying has being utilizing the vulnerability to execute a malicious Microsoft Installer File (.msi) that in flip unloads a distant entry trojan (RAT) onto contaminated Home windows methods.
The opposite zero-day flaw is CVE-2024-21351, one other safety function bypass — this one within the built-in Home windows SmartScreen part that tries to display out probably malicious recordsdata downloaded from the Net. Kevin Breen at Immersive Labs says it’s necessary to notice that this vulnerability alone just isn’t sufficient for an attacker to compromise a consumer’s workstation, and as a substitute would doubtless be used along with one thing like a spear phishing assault that delivers a malicious file.
Satnam Narang, senior employees analysis engineer at Tenable, stated that is the fifth vulnerability in Home windows SmartScreen patched since 2022 and all 5 have been exploited within the wild as zero-days. They embrace CVE-2022-44698 in December 2022, CVE-2023-24880 in March 2023, CVE-2023-32049 in July 2023 and CVE-2023-36025 in November 2023.
Narang referred to as particular consideration to CVE-2024-21410, an “elevation of privilege” bug in Microsoft Trade Server that Microsoft says is more likely to be exploited by attackers. Assaults on this flaw would result in the disclosure of NTLM hashes, which might be leveraged as a part of an NTLM relay or “go the hash” assault, which lets an attacker masquerade as a authentic consumer with out ever having to log in.
“We all know that flaws that may disclose delicate info like NTLM hashes are very useful to attackers,” Narang stated. “A Russian-based risk actor leveraged an identical vulnerability to hold out assaults – CVE-2023-23397 is an Elevation of Privilege vulnerability in Microsoft Outlook patched in March 2023.”
Microsoft notes that previous to its Trade Server 2019 Cumulative Replace 14 (CU14), a safety function referred to as Prolonged Safety for Authentication (EPA), which offers NTLM credential relay protections, was not enabled by default.
“Going ahead, CU14 allows this by default on Trade servers, which is why it is very important improve,” Narang stated.
Rapid7’s lead software program engineer Adam Barnett highlighted CVE-2024-21413, a crucial distant code execution bug in Microsoft Workplace that might be exploited simply by viewing a specially-crafted message within the Outlook Preview pane.
“Microsoft Workplace sometimes shields customers from quite a lot of assaults by opening recordsdata with Mark of the Net in Protected View, which implies Workplace will render the doc with out fetching probably malicious exterior assets,” Barnett stated. “CVE-2024-21413 is a crucial RCE vulnerability in Workplace which permits an attacker to trigger a file to open in enhancing mode as if the consumer had agreed to belief the file.”
Barnett pressured that directors accountable for Workplace 2016 installations who apply patches outdoors of Microsoft Replace ought to observe the advisory lists no fewer than 5 separate patches which should be put in to realize remediation of CVE-2024-21413; particular person replace information base (KB) articles additional observe that partially-patched Workplace installations will probably be blocked from beginning till the proper mixture of patches has been put in.
It’s a good suggestion for Home windows end-users to remain present with safety updates from Microsoft, which may shortly pile up in any other case. That doesn’t imply you need to set up them on Patch Tuesday. Certainly, ready a day or three earlier than updating is a sane response, provided that typically updates go awry and often inside a number of days Microsoft has fastened any points with its patches. It’s additionally good to again up your knowledge and/or picture your Home windows drive earlier than making use of new updates.
For a extra detailed breakdown of the person flaws addressed by Microsoft at present, try the SANS Web Storm Middle’s checklist. For these admins accountable for sustaining bigger Home windows environments, it usually pays to control Askwoody.com, which steadily factors out when particular Microsoft updates are creating issues for various customers.
[ad_2]
