According to the November patch list released by Microsoft, 12 new vulnerabilities have been reported.

Of these, 7 vulnerabilities allow remote execution attacks including: CVE-2024-43639 in Windows Kerberos; CVE-2024-43498 in .NET and Visual Studio; 5 vulnerabilities CVE-2024-49026; CVE-2024-49027, CVE-2024-29028, CVE-2024-49029, CVE-2024-49030 in Microsoft Excel.

Three vulnerabilities CVE-2024-49039 in Windows Task Scheduler; CVE-2024-43625 in Microsoft Windows VMSwitch and CVE-2024-49019 in Active Directory Certificate Services allow attackers to escalate privileges.

CVE-2024-49040 in Microsoft Exchange Server and CVE-2024-43451 in Windows are two vulnerabilities that allow attackers to perform spoofing attacks.

These vulnerabilities can be exploited by hackers to carry out illegal activities, causing information security risks and affecting information systems in Vietnam.

Therefore, agencies and units need to review and promptly fix the problem by updating the patch.

Units are also recommended to strengthen monitoring and prepare response plans when detecting signs of information systems being exploited or attacked; regularly monitor warning channels to detect early risks of cyber attacks.