On Tuesday, Microsoft released a set of critical updates addressing a total of 90 security vulnerabilities within its software, including ten zero-day exploits. Notably, six of these zero-days are actively being leveraged in real-world attacks, raising significant concerns regarding the potential for widespread exploitation in the wild.
The vulnerabilities span a range of severity levels, with nine classified as Critical, 80 as Important, and one as Moderate. These updates also follow the resolution of 36 vulnerabilities in Microsoft’s Edge browser that were disclosed last month, highlighting the tech giant’s ongoing commitment to securing its software ecosystem.
Among the vulnerabilities addressed in the latest Patch Tuesday are six zero-day exploits that have been confirmed to be under active use by threat actors. These include vulnerabilities such as CVE-2024-38189, a Remote Code Execution flaw in Microsoft Project, and CVE-2024-38178, which pertains to memory corruption in the Windows Scripting Engine. Additional issues involve various elevation of privilege vulnerabilities within core Windows components, notably impacting the system’s vulnerability to unauthorized access.
Particularly concerning is CVE-2024-38213, identified as a bypass of the SmartScreen feature, which requires attackers to send malicious files to victims to exploit the vulnerability. Trend Micro, the security firm credited with discovering this exploit, has indicated that this could provide a bypass for previously reported vulnerabilities exploited by malware families like DarkGate. This development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating that federal agencies apply the necessary fixes by September 3, 2024.
The identified vulnerabilities are particularly critical given the potential for attackers to leverage them to gain unauthorized access or escalate privileges within a target system. Methods such as phishing could be utilized for initial access, employing techniques that encourage users to execute malicious files or click links leading to exploitation.
Impacted entities may find their systems vulnerable to persistent threats, as the risk of exploitation for gaining SYSTEM privileges is significant with the recent updates. Cybersecurity professionals would be wise to consider the implications of these risks in conjunction with the MITRE ATT&CK Matrix’s tactics, such as privilege escalation and persistence, to better understand the evolving threat landscape.
Organizations affected by these vulnerabilities span multiple sectors, particularly in the U.S., emphasizing the necessity for proactive measures in cybersecurity hygiene. As Microsoft continues to release updates addressing these critical issues, business owners and IT professionals alike are urged to remain vigilant and prioritize system updates to mitigate risks associated with these newly disclosed vulnerabilities.
In summary, the latest round of updates from Microsoft marks a significant effort to fortify its software against a backdrop of increasing cyber threat activity. With actively exploited vulnerabilities targeting a wide array of Microsoft products, the urgency for organizations to implement these security measures is paramount, as the cyber landscape continues to evolve rapidly.
