Saturday, December 14, 2024
HomeCVE/vulnerabilityWindows MSHTML Zero-Day Vulnerability Exploited In The Wild

Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Published on

SIEM as a Service

Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code execution flaw rated at CVSS 9.8. 

Other critical vulnerabilities were found in Photoshop, Illustrator, Premier Pro, After Effects, Audition, and Media Encoder.

Adobe prioritizes these updates for deployment due to their critical nature and potential for exploitation.

- Advertisement - SIEM as a Service

While Microsoft has released 79 new security patches for various Windows and Microsoft products this month, seven vulnerabilities are classified as critical, 71 as important, and one as moderate. 

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

This month’s release volume is similar to the previous month’s, but it’s noteworthy that many of these bugs are actively being exploited.

They had discovered a critical remote code execution vulnerability in Windows 10 systems.

This vulnerability, CVE-2024-43491, is caused by a flaw in the Servicing Stack that allows attackers to downgrade optional components and potentially execute malicious code. 

While not currently being exploited in the wild, it highlights the importance of keeping systems up-to-date with the latest security patches, including both the servicing stack update (KB5043936) and the security update (KB5043083).

Recent security updates address vulnerabilities in Microsoft Publisher and Windows.

An attacker can exploit CVE-2024-38226 by tricking a user into opening a specially crafted Publisher file, which bypasses macro policies and allows for code execution. 

CVE-2024-38217 involves a MoTW bypass vulnerability that could be exploited by ransomware gangs targeting crypto traders.

While no specific details are provided about the attacks, it’s clear that these vulnerabilities pose significant risks to users and organizations.

CVE-2024-38014 exploits a vulnerability in Windows Installer, which allows attackers to elevate their privileges to SYSTEM without being detected. 

CVE-2024-43461 is a spoofing vulnerability in the MSHTML platform that can be used for code execution.

Both vulnerabilities are being actively exploited in the wild, and it is recommended to apply the patches as soon as possible.

Microsoft has released a series of critical patches addressing vulnerabilities in various products, including SharePoint, Azure Stack Hub, TCP/IP, Remote Desktop Licensing Service, SQL Server Native Scoring, Azure CycleCloud, and Power Automate Desktop. 

According to ZDI, these vulnerabilities could lead to code execution, privilege escalation, and other security breaches. Organizations are strongly advised to apply these patches promptly to mitigate the risks associated with these vulnerabilities.

The September update addresses 30 Elevation of Privilege (EoP) bugs, many leading to SYSTEM-level code execution or administrative privileges. Two Security Feature Bypass (SFB) bugs, both related to web browsing, are also patched. 

Additionally, 11 information disclosure bugs are fixed, with some potentially revealing sensitive data.

Spoofing and denial-of-service (DoS) vulnerabilities are also addressed, with varying impact levels, while the DoS in Hyper-V could allow a guest OS to affect the host OS.

Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar

Latest articles

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

New Android Banking Malware Attacking Indian Banks To Steal Login Credentials

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...