The Department of Information Security (Ministry of Information and Communications) has warned about high-level and serious information security vulnerabilities in Microsoft products.
Based on Microsoft's February 2024 patch list, which covers 72 security vulnerabilities in the company's products, experts from the Department of Information Security assessed the severity of the vulnerabilities.
The Department of Information Security recommends that agencies, organizations, and businesses pay special attention to 9 vulnerabilities with high and serious impacts. Among them, CVE-2024-21410 in Microsoft Exchange Server is assessed as having a serious impact, allowing unauthenticated attackers to perform privilege escalation attacks.
Along with CVE-2024-21410 in Microsoft Exchange Server, two other information security vulnerabilities with serious impact are CVE-2024-21413 and CVE-2024-21378 in the Microsoft Outlook information management software. These vulnerabilities allow unauthenticated attackers to execute code remotely.
To ensure the safety of their information systems and contribute to protecting Vietnam's cyberspace, the Department of Information Security recommends that agencies, organizations, and businesses urgently check and review their systems to identify computers running the Windows operating system that are likely to be affected by the above security vulnerabilities.
If a computer system is affected, organizations need to promptly apply the patches to avoid the risk of cyber attacks. Agencies, organizations, and businesses are also advised to increase monitoring and prepare a response plan for when signs of exploitation or cyber attacks are detected.
At the same time, organizations need to regularly monitor the warning channels of authorities and large information security organizations to promptly detect cyber attack risks.
Experts consider cyber attacks that exploit security vulnerabilities in systems to be one of the trends that organizations and businesses need to pay special attention to.
It is expected that in 2024, the Department of Information Security will establish a platform for managing, detecting, and providing early warning of information security risks, allowing automatic notification to organizations about risks, vulnerabilities, and weaknesses in their systems as soon as the Department issues a warning.