Microsoft has released a significant batch of security updates addressing 72 vulnerabilities in the Windows ecosystem, with a focus on three specific vulnerabilities that have been exploited in live malware attacks. These include a remote code execution bug in Microsoft Office (CVE-2024-21413) and two security feature bypass bugs in Windows (CVE-2024-21412 and CVE-2024-21351).
Details:
- CVE-2024-21413: This vulnerability in Microsoft Office could be exploited via the software’s Preview Pane security mitigation, allowing an attacker to bypass Office Protected View and open a document in editing mode rather than protected mode. The flaw has a CVSS severity score of 9.8 out of 10.
- CVE-2024-21412 and CVE-2024-21351: These security feature bypass vulnerabilities in Windows have been exploited in malware attacks. Cybercriminals are launching phishing and spoofing attacks that bypass the operating system’s security protections.
One of the exploited bugs, CVE-2021-43890, dates back to 2021 and is associated with malware families such as Emotet/Trickbot/Bazaloader. Microsoft Threat Intelligence has observed an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users.
Impact:
Successful exploitation of these vulnerabilities could lead to remote code execution, security feature bypass, information disclosure, and privilege escalation attacks. Users are at risk of falling victim to malware attacks that bypass the operating system’s security measures.
Mitigation:
Microsoft urges Windows administrators to promptly apply the security updates to protect against potential exploitation. Users should also exercise caution when clicking on links from unknown sources and be vigilant about security warnings.
Stay safe and informed,
OP Innovate.
