These vulnerabilities are rated High and Serious in impact and can be exploited by attackers to perform illegal acts, causing information security risks and affecting the information systems of agencies, organizations and businesses.
Information security vulnerabilities exist in a number of Microsoft products such as: Windows and Windows components; Office and Office components; Azure; .NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; Windows VMSwitch.
NCSC recommends that agencies, units and enterprises study information about these information security vulnerabilities, conduct system reviews, handle network information security issues in the system and send review report results to NCSC's email address.
At the same time, NCSC recommends that agencies, units and businesses strengthen monitoring and prepare response plans when detecting signs of cyber exploitation and attacks.
Regularly monitor warning channels of authorities and large information security organizations to promptly detect cyber attack risks.
Check, review, and identify computers using Windows operating systems that are potentially affected. The best solution is to apply the patches for the above information security vulnerabilities according to the manufacturer's instructions.
12 High Impact and Critical Security Vulnerabilities
According to the NCSC, this month's release is particularly notable for the following high impact and critical security vulnerabilities:
CVE-2024-43639 Windows Kerberos vulnerability allows attackers to execute code remotely.
CVE-2024-43498 Security vulnerability in .NET and Visual Studio allows attackers to execute code remotely.
CVE-2024-49039 vulnerability in Windows Task Scheduler allows attackers to escalate privileges. The vulnerability is currently being exploited in the wild.
CVE-2024-43625 vulnerability in Microsoft Windows VMSwitch allows attackers to escalate privileges.
5 information security vulnerabilities CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030 in Microsoft Excel allow attackers to execute code remotely.
CVE-2024-49019 Active Directory Certificate Services vulnerability allows an attacker to escalate privileges. Details of the vulnerability have been made public.
CVE-2024-49040 Microsoft Exchange Server vulnerability allows attackers to perform spoofing attacks. Details of the vulnerability have been made public.
Windows security vulnerability CVE-2024-43451 exposes NTLM hashes, allowing attackers to perform spoofing attacks. The vulnerability is currently being exploited in the wild.
Source: https://daidoanket.vn/nguy-co-mat-an-toan-thong-tin-tu-cac-lo-hong-bao-mat-trong-san-pham-cua-microsoft-10294618.html