The analysis, assessment and warning to units in Vietnam about security vulnerabilities in Microsoft products that have high and serious impacts is an activity periodically carried out by the National Cyber Security Monitoring Center - NCSC under the Department of Information Security (Ministry of Information and Communications), according to the periods when Microsoft announces the release of a list of patches for vulnerabilities existing in its products.
The October patch list was announced by Microsoft on October 8, with a total of 121 new security vulnerabilities, including 117 vulnerabilities in its own products and 4 vulnerabilities in third-party products that affect Microsoft.
Through evaluating security vulnerabilities according to the list published by Microsoft, the National Cyber Security Monitoring Center has just requested agencies, organizations and businesses in Vietnam to pay special attention to 9 vulnerabilities with high and serious impact.
Of the 9 new security vulnerabilities warned to units in Vietnam, 7 allow attackers to execute code remotely, including: CVE-2024-43468 in 'Microsoft Configuration Manager'; CVE-2024-43582 in 'Remote Desktop Protocol Server'; CVE-2024-43572 in 'Microsoft Management Console'; CVE-2024-43504 in 'Microsoft Excel'; 2 vulnerabilities CVE-2024-43576, CVE-2024-43616 in 'Microsoft Office'; and CVE-2024-43505 in 'Microsoft Office Visio'.
The warning also states that the CVE-2024-43583 vulnerability in 'Microsoft Winlogon' allows attackers to escalate privileges. Meanwhile, the CVE-2024-43573 vulnerability in 'Windows MSHTML Platform' allows spoofing attacks.
Notably, among the nine new security vulnerabilities existing in Microsoft products, experts also noted that detailed information about the vulnerability CVE-2024-43583 in 'Microsoft Winlogon' has been publicly announced; while the two vulnerabilities CVE-2024-43572 in 'Microsoft Management Console' and CVE-2024-43573 in 'Windows MSHTML Platform' are both being exploited in practice.
The Department of Information Security said that the above vulnerabilities have a high and serious impact level and can be exploited by attackers to carry out illegal acts, causing information security risks and affecting information systems of agencies, organizations and businesses.
Therefore, it is recommended that agencies, organizations and businesses in Vietnam check, review and identify computers using Windows operating systems that are likely to be affected.
In case of impact, the best remedy is to update the patch for new security vulnerabilities according to Microsoft's instructions.
The Department of Information Security also requested units in Vietnam to strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks; at the same time, regularly monitor warning channels of functional agencies and large information security organizations to promptly detect cyber attack risks.
According to the report on the situation of network information security in Vietnam recently published by the Department of Information Security on the National Cyber Portal on October 14, in September 2024, the remote monitoring and scanning system of the NCSC Center detected more than 1,600 vulnerabilities in 5,000 systems that are open to the public on the Internet.
Also in September, the NCSC Center recorded 12 newly announced security vulnerabilities, with serious and high impact levels, which can be exploited by bad actors to attack and exploit the systems of domestic agencies and organizations.
The above security vulnerabilities, according to the Department of Information Security, are vulnerabilities that exist in popular products of many agencies, organizations, and businesses.
"It is recommended that units conduct a comprehensive inspection and review of their systems to determine whether their systems use products affected by vulnerabilities, and promptly take timely remedial measures to protect information security. At the same time, continuously update information on new vulnerabilities and cyber attack trends," the Information Security Department recommended.
Source: https://vietnamnet.vn/nguy-co-he-thong-tai-viet-nam-bi-tan-cong-mang-tu-9-lo-hong-bao-mat-moi-2331752.html
Comment (0)