Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day

Patch Tuesday: Redmond patches 71 security flaws and calls immediate attention to an exploited Windows zero-day reported by CrowdStrike.


SecurityWeek – Read More

‘Termite’ Ransomware Likely Behind Cleo Zero-Day Attacks

The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.

darkreading – Read More

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities


The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” 

Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.” 

CVE-2024-49112 is the most serious of this group, with a CVSS severity score of 9.8 out of 10. An attacker could exploit this vulnerability in Windows Lightweight Directory Access Protocol (LDAP) calls to execute arbitrary code within the context of the LDAP service. Additionally, CVE-2024-49124 and CVE-2024-49127 permit an unauthenticated attacker to send a specially crafted request to a vulnerable LDAP server and, if they win a “race condition,” execute the attacker’s code. Although the above vulnerabilities are marked as “critical” and carry high CVSS scores, Microsoft has determined that exploitation is “less likely.” 

CVE-2024-49126 is a Windows Local Security Authority Subsystem Service (LSASS) remote code execution vulnerability. An unprivileged attacker could target the server accounts and execute malicious code in the context of the server’s account through a network call. Despite being considered “critical,” successful exploitation requires the attacker to win a “race condition,” so the attack complexity is high and Microsoft has determined that exploitation is “less likely.” 

CVE-2024-49105 is a “critical” remote code execution vulnerability in the Remote Desktop Client. Microsoft has assessed exploitation of this vulnerability as “less likely.” An authenticated attacker could exploit it by triggering remote code execution on the server via a remote desktop connection using Microsoft Management Console (MMC). It has not been detected in the wild. 

CVE-2024-49117 is a remote code execution vulnerability in Windows Hyper-V. Although marked as “critical,” Microsoft has determined that exploitation is “less likely.” Exploitation requires an authenticated attacker with local access to a guest VM to send specially crafted file operation requests from the VM to hardware resources on the VM, triggering remote code execution on the host server. Microsoft has not detected active exploitation of this vulnerability in the wild. 

CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49116, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49128 and CVE-2024-49132 are remote code execution vulnerabilities in the Windows Remote Desktop Gateway (RD Gateway) Service. An attacker could exploit these by connecting to a system with the Remote Desktop Gateway role, triggering a “race condition” to create a “use-after-free” scenario, and then leveraging it to execute arbitrary code. Although marked as “critical,” Microsoft has determined that exploitation is “less likely” and considers the attack complexity “high.” Microsoft has not detected active exploitation of these vulnerabilities in the wild. 

CVE-2024-49122 and CVE-2024-49118 are remote code execution vulnerabilities in Microsoft Message Queuing (MSMQ), the queue manager in Windows. An attacker would need to send a specially crafted malicious MSMQ packet to an MSMQ server and win a server-side “race condition,” which makes the attack complexity “high.” While considered “critical,” Microsoft has determined that exploitation is “less likely,” and neither has been detected in the wild. 

CVE-2024-49138 is an elevation of privilege vulnerability in Windows Common Log File System Driver, and while it only has a 7.8 out of 10 CVSS score, it has been actively exploited in the wild. 

Cisco Talos would also like to highlight several vulnerabilities that are only rated as “important,” but which Microsoft lists as “more likely” to be exploited:  

  • CVE-2024-49070 – Microsoft SharePoint Remote Code Execution Vulnerability 
  • CVE-2024-49093 – Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability 
  • CVE-2024-49088 and CVE-2024-49090 – Windows Common Log File System Driver Elevation of Privilege Vulnerabilities 
  • CVE-2024-49114 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 
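Most of the “critical” bugs above only matter on hosts running a specific role (domain controller for the LDAP server bugs, the RD Gateway role, an MSMQ server, a Hyper-V host), whereas the CLFS driver behind the actively exploited CVE-2024-49138 ships on every Windows installation. The following PowerShell triage script is an added example, not code from the Talos post; it checks for those roles by their standard Windows service names, records the installed clfs.sys version, and lists updates installed on or after Patch Tuesday (10 December 2024). The CVE-to-role mapping is taken from the write-up above; the fixed clfs.sys version is not hard-coded because it must be looked up in the relevant KB article.

```powershell
# Added triage example: which December 2024 Patch Tuesday attack surfaces exist on this host?
# Service names are the standard Windows ones; CVE mapping follows the Talos summary above.
$exposures = @(
    @{ Name = 'Domain controller / LDAP server'; Service = 'NTDS';      CVEs = 'CVE-2024-49112, CVE-2024-49127' },
    @{ Name = 'Remote Desktop Gateway role';     Service = 'TSGateway'; CVEs = 'CVE-2024-49106/49108/49115/49116/49119/49120/49123/49128/49132' },
    @{ Name = 'Message Queuing (MSMQ) server';   Service = 'MSMQ';      CVEs = 'CVE-2024-49118, CVE-2024-49122' },
    @{ Name = 'Hyper-V host';                    Service = 'vmms';      CVEs = 'CVE-2024-49117' }
)

$report = foreach ($e in $exposures) {
    # Get-Service returns nothing (no error) when the role is not installed.
    $svc = Get-Service -Name $e.Service -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Surface = $e.Name
        Present = [bool]$svc
        State   = if ($svc) { $svc.Status } else { 'n/a' }
        CVEs    = $e.CVEs
    }
}
$report | Format-Table -AutoSize

# The LDAP client bug (CVE-2024-49124), LSASS (CVE-2024-49126) and CLFS (CVE-2024-49138,
# exploited in the wild) apply to every Windows host regardless of role. Record the CLFS
# driver version so it can be compared with the version in the December cumulative update.
$clfs = Get-Item (Join-Path $env:SystemRoot 'System32\drivers\clfs.sys')
'clfs.sys version: {0}' -f $clfs.VersionInfo.FileVersion

# Has anything been installed since Patch Tuesday (10 December 2024)?
$cutoff = [datetime]'2024-12-10'
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $cutoff } |
    Sort-Object InstalledOn
if ($recent) {
    'Updates installed since {0:yyyy-MM-dd}:' -f $cutoff
    $recent | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
} else {
    Write-Warning ('No updates installed since {0:yyyy-MM-dd}; this host is probably missing the December 2024 fixes.' -f $cutoff)
}
```

Run it on each candidate host (no elevation needed for these cmdlets) and patch the hosts where a role is Present first, then the rest for the CLFS zero-day. A missing InstalledOn date is treated as “not recent” rather than as an error, because Get-HotFix returns null for that field on some entries.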

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The Snort 2 rules included in this release that protect against the exploitation of many of these vulnerabilities are 63874, 63875, 64306, 64307, 64308, 64309, 64310, 64311, 64312, 64313 and 64314. The corresponding Snort 3 rules are 300987, 301084, 301085, 301086, 301087 and 64312.

Cisco Talos Blog – Read More

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More

Adobe Patches Over 160 Vulnerabilities Across 16 Products

Adobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect.


SecurityWeek – Read More

Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability

A critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code. 

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More

US sanctions Chinese cyber firm for compromising ‘thousands’ of firewalls in 2020

Sichuan Silence Information Technology Company and one of its employees, Guan Tianfeng, were the targets of the sanctions, and the Justice Department indicted Guan for his role in the attacks. The State Department also issued a $10 million reward for additional information on the company or Guan.

The Record from Recorded Future News – Read More

Cybercrime Gangs Abscond With Thousands of AWS Credentials

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

darkreading – Read More

Wyden seeks stricter telecom cyber standards following Salt Typhoon breach

Wyden’s bill would require the FCC to implement security requirements for telecom carriers that were originally included in a 1994 federal law but that the agency never fully acted upon.

The Record from Recorded Future News – Read More

US Senator announces new bill to secure telecom companies in wake of Chinese hacks

U.S. Democratic Senator Ron Wyden announced a new draft bill with the goal of securing American telephone networks and Americans’ communications in response to the massive hack of telecom providers allegedly carried out by Chinese government hackers. In a press release on Tuesday, Wyden announced the Secure American Communications Act. The bill would order the Federal […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – Read More