Windows Security Bypassed By New Zero-Day Threat, According To Microsoft

Patch Tuesday is over and all we have left is what is colloquially known in cybersecurity circles as Exploit Wednesday. This month, that may be more problematic than usual for Windows users, as Microsoft confirms four zero-day threats, including one that can bypass a critical Windows security feature that helps protect against ransomware attacks.

Microsoft has confirmed Common Vulnerabilities and Exposures entry number 38217 of 2024, known as CVE-2024-38217, and it is bad. That much should be taken for granted, since it is classified as a zero-day vulnerability. According to Microsoft’s definition, a zero-day vulnerability is a flaw for which “no official patch or security update has been released.” Microsoft adds that zero-day vulnerabilities “often have the highest levels of severity and are actively exploited.”

In the case of CVE-2024-38217, the vulnerability was publicly disclosed and active exploitation was detected. That makes it a worst-case scenario, tempered only by the fact that the fix is included in the new Patch Tuesday security update.

So, what threat does it pose specifically? It’s what is known as a security feature bypass vulnerability because it allows an attacker to get around the protections that Mark of the Web provides for Windows users. “This vulnerability allows an attacker to manipulate the security warnings that typically inform users about the risks of opening files from unknown or untrusted sources,” Saeed Abbasi, manager of vulnerability research at the Qualys Threat Research Unit, said. “Similar MoTW bypasses have historically been linked to ransomware attacks, where the stakes are high.”

Last month, Microsoft published an advisory about another actively exploited MoTW vulnerability, CVE-2024-38213, linked to an infamous malware family called DarkGate that is used by ransomware hackers. Satnam Narang, senior research engineer at Tenable, warns that there are two zero-day vulnerabilities that can bypass security features in this latest edition of the Windows security update. CVE-2024-38226 is a flaw in Microsoft Publisher and can lead to the bypass of vital security features that block the execution of Microsoft Office macros. In either bypass case, Narang said, “the target will have to be convinced to open a specially crafted file from an attacker-controlled server.” Where they differ is that an attacker would have to be authenticated to the system and have local access to it to exploit CVE-2024-38226. Narang urges organizations to put those vulnerabilities at the highest possible level of their risk remediation list.
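As an added illustration that is not part of the original article: the Mark of the Web that these bypasses defeat is nothing more than a small `Zone.Identifier` alternate data stream that NTFS attaches to a downloaded file, and the warning a user sees depends on the `ZoneId` value inside it. The Python below parses that stream’s text and reports whether a file would be treated as coming from the Internet or Restricted Sites zone, which is the check a defender can run over downloaded files to see which ones arrived without a mark. The sample stream contents are constructed, and `read_zone_identifier` is a hypothetical helper name that only works on Windows/NTFS volumes.

```python
"""Parse a Mark of the Web (Zone.Identifier) stream and decide whether
Windows would treat a file as coming from an untrusted zone.

Added example, not code from the article. The sample stream text is
constructed; the zone table follows the documented URL security zone
values (0 local machine through 4 restricted sites).
"""
from __future__ import annotations

import configparser
from dataclasses import dataclass
from typing import Optional

# URLZONE values that Windows writes into the ZoneId field.
ZONE_NAMES = {
    0: "Local Machine",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}

# Zones for which Windows shows the "file came from another computer"
# prompt, runs SmartScreen checks and opens Office files in Protected View.
UNTRUSTED_ZONES = {3, 4}


@dataclass(frozen=True)
class MarkOfTheWeb:
    zone_id: int
    referrer_url: Optional[str]
    host_url: Optional[str]

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone_id, f"Unknown ({self.zone_id})")

    @property
    def untrusted(self) -> bool:
        return self.zone_id in UNTRUSTED_ZONES


def parse_zone_identifier(stream_text: str) -> Optional[MarkOfTheWeb]:
    """Parse the INI-style text of a Zone.Identifier stream.

    Returns None when there is no [ZoneTransfer] section or no numeric
    ZoneId, i.e. when the file carries no effective Mark of the Web.
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
    except configparser.Error:
        # Malformed stream: Windows would not honour it, so treat as unmarked.
        return None
    if not parser.has_section("ZoneTransfer"):
        return None
    raw = parser.get("ZoneTransfer", "ZoneId", fallback=None)
    if raw is None or not raw.strip().isdigit():
        return None
    return MarkOfTheWeb(
        zone_id=int(raw.strip()),
        referrer_url=parser.get("ZoneTransfer", "ReferrerUrl", fallback=None),
        host_url=parser.get("ZoneTransfer", "HostUrl", fallback=None),
    )


def would_warn(stream_text: Optional[str]) -> bool:
    """True if a file with this stream content triggers the MoTW warnings.

    A missing or stripped stream means no warning at all, which is
    exactly the outcome a MoTW bypass produces.
    """
    if stream_text is None:
        return False
    motw = parse_zone_identifier(stream_text)
    return motw is not None and motw.untrusted


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the alternate data stream of an NTFS file (Windows only).

    Hypothetical helper name; returns None when the stream is absent
    or the volume does not support alternate data streams.
    """
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8") as fh:
            return fh.read()
    except OSError:
        return None


# Constructed sample: what a browser typically writes for a download.
SAMPLE_DOWNLOAD = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/downloads/\r\n"
    "HostUrl=https://example.invalid/files/report.docx\r\n"
)

# Constructed sample: a file copied from an intranet share.
SAMPLE_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"

if __name__ == "__main__":
    samples = (("download", SAMPLE_DOWNLOAD), ("intranet", SAMPLE_INTRANET), ("no stream", None))
    for label, text in samples:
        print(f"{label:10s} warns={would_warn(text)}")
```

On a Windows host, `would_warn(read_zone_identifier(path))` gives the same answer for a real file; a `False` on a file you know was downloaded from the Internet is the condition worth alerting on, since it means the mark was never written or has been stripped.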
