As a precautionary measure, Microsoft has rolled out software program updates to patch no fewer than 139 vulnerabilities across multiple products and flavors of their operating systems. Attackers are actively exploiting at least two of the identified vulnerabilities in live attacks against Windows users.
The primary Microsoft zero-day vulnerability this month is a flaw within the Windows Shell element that affects Internet Explorer and Office programs. The CVE-2024-38080 vulnerability allows attackers to elevate their account privileges on Windows systems, potentially granting unauthorized access to sensitive information and data. While Microsoft claims this vulnerability is under attack, the company has revealed remarkably few details about its exploitation.
The opposite zero-day vulnerability is an example of, a weakness in, the proprietary rendering engine of Microsoft’s internet browser. According to senior director of risk analysis at [Company], exploiting CVE-2024-38112 likely necessitates orchestrating an “assault chain” of exploits or making programmatic adjustments on the target host, echoing Microsoft’s warning that “exploitation of this vulnerability requires an attacker to take additional actions beforehand to prepare the target environment.”
“According to Breen, the vulnerability affects all hosts starting from , including customers.” Due to rampant overhunting in its natural habitat, urgent conservation efforts are necessary to protect and preserve this species.
The company’s senior analysis engineer, scrutinizing the remote code execution vulnerability in the specific software. Successful attacks on this vulnerable location could lead to the revelation of NTLM hashes, potentially fuelling further exploitation through NTLM relaying or “pass-the-hash” attacks, allowing attackers to impersonate legitimate users without requiring authentication.
In 2023, a lucrative attack campaign leveraged the CVE-2023-23397 vulnerability in Microsoft Outlook, which exploited an elevation of privilege bug and also compromised sensitive NTLM hashes. “While CVE-2024-38021 poses no threat in its default state, as the Preview Pane itself is not a viable attack route, making it impossible to exploit simply by previewing the file.”
The cybersecurity agency that reported CVE-2024-38021 to Microsoft has expressed disagreement with the company’s assessment of the vulnerability’s severity, contending that the Workplace flaw warrants a more critical “important” rating due to its simplicity and potential ease of exploitation by attackers.
“The company’s evaluation highlights a crucial distinction: while trusted senders can exploit the vulnerability without user interaction, those deemed untrustworthy require at least one click of engagement from consumers, according to Morphisec.” “This reassessment is crucial to accurately convey the level of risk and ensure adequate resources are allocated for effective mitigation measures.”
Microsoft plugged a critical vulnerability in its Windows WiFi driver during the company’s latest Patch Tuesday update, which could be exploited by hackers to install malware on vulnerable systems by transmitting a specially crafted data packet via a local network. A critical vulnerability, CVE-2024-38053, has been identified this month in a widely-used system – another “ping-of-death” flaw that demands immediate attention from security-conscious users and necessitates prompt patching.
“The requirement necessitates secure access to the goal,” said Kikta. While this limitation would rule out a Russian-based ransomware attacker, it’s an aspect that falls outside conventional threat scenarios. In settings where multiple computers are connected to the same physical network, such as shared workplaces or conference facilities, an exploit can potentially take advantage of this shared infrastructure.
Automox has identified three vulnerabilities in Windows Remote Desktop, a service that assigns user access licenses (CALs) upon connection to a remote desktop host. Three vulnerabilities have been assigned a CVSS rating of 9.8, with each highlighting the potential for a malicious packet to trigger the weakness.
As we converse, the end of support dates for a well-known platform mark the culmination of an era; unfortunately, according to Shodan, this platform still boasts approximately 110,000 publicly accessible instances. This month, a staggering one-quarter or more of the vulnerabilities fixed by Microsoft pertain to SQL Server.
“While some companies may initially hesitate to upgrade, they’ll ultimately be forced to transition to supported versions of MS-SQL to avoid scrambling to replace outdated environments.”
As a best practice, Windows users are advised to stay current with essential security updates from Microsoft, lest they accumulate and potentially leave systems vulnerable to exploitation. You don’t necessarily have to apply Windows updates on Patch Tuesday. Allowing for a day or two extra before installing updates is a reasonable strategy, as most issues are typically resolved within 48 hours by Microsoft’s patch fixes. Prior to installing new updates, it’s highly recommended that you back up your data and/or create a snapshot of your Windows drive to ensure optimal system stability.
To gain a more in-depth understanding of the individual’s shortcomings highlighted by Microsoft, please consult For administrators responsible for maintaining large Windows environments, it often makes sense to scrutinize the Update History, as this frequently reveals which specific Microsoft updates are causing problems for numerous users.
For users encountering difficulties with these updates, consider posting a note in the feedback section; chances are, someone else reading here has encountered the same issue and may have a solution.
