.webp)
Microsoft released their security updates for May of 2024 which include fixes for two zero-day vulnerabilities: CVE-2024-30040 (CVSSv3: 8.8) and CVE-2024-30051 (CVSSv3:7.8). CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability) allows for a local attacker to exploit this vulnerability to gain system-level privileges. CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability) allows a remote attacker to bypass OLE mitigations in M365 and Microsoft Office that protect users from vulnerable COM/OLE controls. It requires an attacker to convince a user to load a malicious file into a vulnerable system and manipulate it. This can allow an unauthenticated attacker to achieve remote arbitrary code execution from the context of the user. Both of these vulnerabilities are known to be exploited and have each been added to CISA’s Known Exploited Vulnerabilities Catalog, giving them a heightened patch priority and associated risk.
Both vulnerabilities are known to be exploited and can be used to execute code or obtain heighted privileges. These vulnerabilities, if exploited would have a high impact on any system affected by these vulnerabilities.
These vulnerabilities impact the Windows Operating System (Windows 10/11, Windows Server 2016/2019/2022). A detailed list of the affected products as well as patches and KB articles are detailed on the vulnerability pages for each vulnerability at the Microsoft Security Response Center Security Update Guide.
Applying the latest Windows updates to endpoints through the latest cumulative update. You can also obtain individual packages for the updates through the Microsoft Update Catalog.
If you utilize Windows systems, checking for updates and applying them to your machine is what must be done at a user level.
If you oversee applying patches to an organization, ensuring a policy is in place for automatic provisioning of Windows updates is essential. Due to the high risk these vulnerabilities bring due to being actively exploited, it is essential to expedite the process that endpoints and servers receive this update.
Exploitation of any of these vulnerabilities can allow an attacker to gain elevated privileges within a system or execute arbitrary code. This enables the attacker to create a backdoor in an organization’s environment and perform lateral movement. This can cause monetary, data, and reputational loss as a result. This depends on the attacker’s motive, as malware such as ransomware could be downloaded, data could be leaked and sold, or the organization could be brought does through a denial-of-service situation.
Patch: We recommend patching these vulnerabilities and apply Windows and Windows Server updates as soon as they are available. This is due to two actively exploited zero days being patched through these latest updates.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
https://msrc.microsoft.com/update-guide/
On this episode of the CyberWatch podcast, there are updates to software across the application and OS spectrum. New malicious campaigns are threatening victims of all sizes, and researchers have performed dissections on malware to give defenders new clues about just what it is they're fighting. All this today, in CyberWatch.
As we conclude our 'ransomware readiness week' of this Cybersecurity Awareness Month, it's time to take a critical look at your organization's defenses. Ransomware attacks are becoming more sophisticated, and no business is immune. In our latest article, we explore essential strategies to bolster your ransomware preparedness. Don't miss this vital information to help protect your business from emerging threats.
Ethical hacking has become an essential response to an IT industry kept on its toes by a spectrum of bad actors with malicious intent. This article introduces two prominent methodologies that help the good guys fight back: penetration testing (pen-testing) and red teaming. Learn more here.
Host Geoff Hancock was joined by guests Mike Rush, Director of Threat Intelligence at Access Point Consulting; and Evie Manning, Senior Director of Threat Hunting and Intelligence at Access Point Consulting. Together, they talked about cyber threat intelligence and the applications that can make it work for small and medium-sized businesses.
