Along with warning about 12 new vulnerabilities, the National Cyber Security Monitoring Center noted: High-level and serious information security vulnerabilities can be exploited by hackers to launch cyber attacks on systems in Vietnam.
Through recording information about new vulnerabilities from the November 2024 patch list just released by Microsoft, the National Cyber Security Monitoring Center - NCSC under the Department of Information Security has warned agencies and units across the country about 12 high-level and serious security vulnerabilities.
Of these, there are 7 vulnerabilities that allow attackers to execute remote code, including CVE-2024-43639 in Windows Kerberos; CVE-2024-43498 in .NET and Visual Studio; 5 vulnerabilities CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030 in Microsoft Excel.
Three vulnerabilities allow attackers to escalate privileges: CVE-2024-49039 in Windows Task Scheduler; CVE-2024-43625 in Microsoft Windows VMSwitch and CVE-2024-49019 in Active Directory Certificate Services.
CVE-2024-49040 in Microsoft Exchange Server and CVE-2024-43451 in Windows are two vulnerabilities that allow attackers to perform spoofing attacks.
According to NCSC, the high-level and serious vulnerability can be exploited by hackers to carry out illegal activities, causing information security risks and affecting information systems in Vietnam.
Therefore, agencies and organizations need to review to determine which systems are likely to be affected by the above 12 vulnerabilities, and then promptly fix them by updating the patch.
Units are also recommended to strengthen monitoring and prepare response plans when detecting signs of information systems being exploited or attacked; regularly monitor warning channels to detect early risks of cyber attacks.
Source: https://vietnamnet.vn/nguy-co-he-thong-thong-tin-trong-nuoc-bi-tan-cong-tu-khai-thac-12-lo-hong-moi-2342443.html
Comment (0)