Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities

Microsoft rolled out its latest security updates on Tuesday, fixing around 60 vulnerabilities in various software products and drawing urgent attention to an actively exploited zero-day reported by several external threat hunting teams.

The zero-day bug, labeled CVE-2024-30051, is documented as a heap-based buffer overflow in the Windows Desktop Window Manager (DWM) core library that has already been exploited in malware attacks requiring elevated SYSTEM privileges.

The bug carries a CVSS severity score of 7.8/10 and an “important” rating from Redmond.

Microsoft thanked security researchers at Kaspersky, DBAPPSecurity and Google’s Threat Analysis Group for identifying and reporting the issue, suggesting it may have already been used beyond targeted attacks.

As usual, Microsoft did not share exploitation details or IOCs to help defenders track signs of intrusion.

Microsoft also marked CVE-2024-30040 in the already exploited category, warning that attackers are bypassing security features in Microsoft 365 and Office. The flaw, which carries a CVSS score of 8.8, allows attackers to execute arbitrary code if a user attempts to load malicious files.

“This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office that protect users from vulnerable COM/OLE controls. An unauthenticated attacker who successfully exploited this vulnerability could achieve code execution by convincing a user to open a malicious document, in which case the attacker could execute arbitrary code in the context of the user,” Microsoft said.

The company also urged Windows administrators to pay attention to CVE-2024-30044, a critical severity remote code execution vulnerability in Microsoft SharePoint.

“An authenticated attacker with Site Owner permission can use this vulnerability to inject arbitrary code and execute that code in the context of SharePoint Server,” the Redmond Security Response Center warned.

“An authenticated attacker with Site Owner or higher permissions could upload a specially crafted file to the targeted SharePoint server and create specialized API requests to trigger deserialization of the file’s parameters. This would allow the attacker to execute code remotely in the context of the SharePoint server,” Microsoft added.


News Source : www.securityweek.com