Scan to identify Windows computers affected by vulnerabilities
The Department of Information Security (Ministry of Information and Communications) has just sent a warning about 16 high-level and serious security vulnerabilities in Microsoft products to IT and information security units of ministries, branches, and localities; state-owned corporations and groups, along with joint-stock commercial banks and financial institutions.
The Information Security Department issued the warning based on its assessment and analysis of the April 2024 patch list announced by Microsoft, which covers 147 vulnerabilities in the company's products.
Among the 16 newly warned security vulnerabilities, experts recommend paying special attention to 2: CVE-2024-20678 in Remote Procedure Call Runtime - RPC (a Windows component that facilitates communication between different processes in the system over the network - reporter's note), which allows attackers to execute code remotely; and CVE-2024-29988 in SmartScreen (a security feature built into Windows), which allows attackers to bypass the protection mechanism.
The list of security vulnerabilities in Microsoft products warned this time also includes 12 vulnerabilities that allow attackers to execute code remotely, including: 3 vulnerabilities CVE-2024-21322, CVE-2024-21323, CVE-2024-29053 in 'Microsoft Defender for IoT'; vulnerability CVE-2024-26256 in the open source library Libarchive; vulnerability CVE-2024-26257 in Microsoft Excel spreadsheet; 7 vulnerabilities CVE-2024-26221, CVE-2024-26222, CVE-2024-26223, CVE-2024-26224, CVE-2024-26227, CVE-2024-26231 and CVE-2024-26233 in 'Windows DNS Server'.
In addition, units are also advised to pay attention to two vulnerabilities that allow attackers to perform spoofing attacks: CVE-2024-20670 in Outlook for Windows software, which exposes the 'NTLM hash', and CVE-2024-26234 in Proxy Driver.
The Information Security Department recommends that agencies, organizations and businesses check, review and identify computers using Windows operating systems that are likely to be affected, and promptly update patches to avoid the risk of cyber attacks. The goal is to ensure information security for the information systems of units, contributing to ensuring the safety of Vietnam's cyberspace.
Units are also advised to strengthen monitoring and prepare response plans for when signs of exploitation and cyber attacks are detected. They should also regularly monitor the warning channels of competent authorities and large information security organizations to promptly detect cyber attack risks.
Also in April, the Information Security Department warned and instructed units to review and fix the security vulnerability CVE-2024-3400 in PAN-OS software. The exploit code for this vulnerability has been used by attackers against the information systems of many agencies and organizations. Units using PAN-OS software are recommended to update the patch for affected versions released on April 14.
Prioritize addressing potential risks in the system
Experts have long considered the exploitation of security vulnerabilities in commonly used software and technology solutions to be one of the prominent cyber attack trends. Besides exploiting zero-day vulnerabilities (vulnerabilities that have not been discovered) or new security vulnerabilities announced by companies, cyber attack groups also actively scan for previously discovered security vulnerabilities to exploit and use as a springboard to attack systems.
In reality, however, although the Department of Information Security and agencies and units operating in the field of information security regularly issue warnings about new vulnerabilities or new attack trends, many agencies and units have not really paid attention to updating and handling them promptly.
Describing a specific case of supporting an organization that was attacked at the end of March, expert Vu Ngoc Son, Technical Director of NCS Company, said: “After analyzing, we realized that the incident should have been handled earlier, because this organization had been warned that the receptionist account was compromised and needed to be handled immediately. Because they thought the receptionist account was not important, this organization ignored it and did not handle it. The hacker used the receptionist account, exploited the vulnerability, took administrative rights and attacked the system.”
Statistics shared by the Department of Information Security at the end of last year showed that more than 70% of organizations have not paid attention to reviewing, updating and patching the vulnerabilities and weaknesses they had been warned about.
In response to this situation, among the 6 groups of key tasks recommended for ministries, branches, localities, agencies, organizations and enterprises to focus on implementing in 2024, the Department of Information Security requested that units prioritize resolving potential risks or risks that are already present in the system.
“Units should address known risks and existing risks on the system before thinking about investing to protect themselves from new risks. Periodically checking and evaluating information security according to regulations and hunting for threats to detect and eliminate risks on the system is very important and needs to be done regularly,” emphasized the representative of the Information Security Department.