New vulnerabilities in products and solutions of large technology companies such as Microsoft are always exploited by attackers as a 'springboard' to infiltrate and attack information systems of agencies, organizations and businesses.

From the June 2024 patch list with 49 information security vulnerabilities in Microsoft products released by the global technology company on June 11, experts from the Department of Information Security (Ministry of Information and Communications) analyzed and sent warnings to agencies, organizations and businesses in Vietnam.

lo-hong-1-1.jpg
Exploiting new vulnerabilities of popular technology products to infiltrate and attack systems is one of the prominent cyber attack trends. Illustration: Internet

Accordingly, in a new warning sent to specialized IT and information security units of ministries, branches and localities; corporations, state-owned enterprises and banks and financial institutions nationwide, the Department of Information Security requested that these units take special note of 7 information security vulnerabilities with high and serious impacts, existing in Microsoft products.

Specifically, the newly warned information security vulnerabilities include: CVE-2024-30080 in Microsoft Message Queuing; CVE-2024-30103 in Microsoft Outlook; CVE-2024-30078 in Windows Wi-Fi Driver; CVE-2024-30100 in Microsoft SharePoint Server; 3 vulnerabilities CVE-2024-30101, CVE-2024-30102 and CVE2024-30104 in Microsoft Office. All 7 of these information security vulnerabilities allow attackers to execute code remotely.

W-information-security-human-resources-1-1.jpg
Agencies, organizations and businesses are required to strengthen monitoring and prepare response plans when detecting signs of cyber exploitation and attacks. Illustration photo: L.Anh

To ensure information security for the unit's information system, contributing to ensuring the safety of Vietnam's cyberspace, the Information Security Department recommends that agencies, organizations and enterprises check, review and identify computers using Windows operating systems that are likely to be affected by the above information security vulnerabilities. In case of impact, agencies, organizations and enterprises need to update the patch promptly to avoid the risk of cyber attacks on the system under the management of the unit.

At the same time, the Information Security Department also requested agencies, organizations and businesses to strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks. At the same time, regularly monitor the warning channels of competent agencies and large organizations on information security to promptly detect cyber attack risks.

In the first 5 months of this year, the technical system of the National Cyber ​​Security Monitoring Center - NCSC under the Department of Information Security, recorded more than 425,000 weaknesses and information security vulnerabilities in servers, workstations, and information systems of state agencies and organizations.

Also in the first months of this year, the remote monitoring and scanning system of the National Cyber ​​Security Monitoring Center detected an average of more than 1,600 vulnerabilities per month on 5,000 systems open to the public on the Internet.

Every month, the NCSC Center also records 12 newly announced vulnerabilities, which have a serious impact level and can be exploited to attack and exploit the systems of agencies and organizations. These are vulnerabilities that exist in popular products of many agencies, organizations and businesses.

Therefore, in periodic warnings, the Department of Information Security always recommends that units need to comprehensively check and review their systems to help determine whether their systems use products affected by the warned vulnerabilities, and quickly take timely remedial measures to protect information security. At the same time, continuously update information on new vulnerabilities and attack trends in cyberspace.

Hackers increase speed of exploiting new vulnerabilities to attack networks

Hackers increase speed of exploiting new vulnerabilities to attack networks

Hackers are increasingly exploiting newly disclosed vulnerabilities to launch cyber attacks on the systems of agencies and organizations.
8 new security vulnerabilities that could affect systems in Vietnam

8 new security vulnerabilities that could affect systems in Vietnam

Of the 8 high-level and serious security vulnerabilities that exist in Microsoft products that have just been warned by the Department of Information Security (Ministry of Information and Communications), 4 vulnerabilities are being exploited in reality.
Warning: Security vulnerability in Check Point firewall is being exploited by hackers

Warning: Security vulnerability in Check Point firewall is being exploited by hackers

The highly critical vulnerability CVE-2024-24919 allows an attacker to read the contents of arbitrary files in the 'Check Point Security Gateways' firewall product. This vulnerability is being exploited in the wild.