Zero-Day Flaws Added To Known Exploited Vulnerabilities Catalog

The two vulnerabilities are highly concerning, carrying CVSS scores of 7.8 and 7.5.

by Ashish Khaitan July 10, 2024

CISA has added two zero-day vulnerabilities, both fixed in this month’s Patch Tuesday, to its Known Exploited Vulnerabilities Catalog. In its Patch Tuesday release for July 2024, Microsoft addressed a total of 138 vulnerabilities, including two zero-days that have been actively exploited in the wild.

These vulnerabilities, CVE-2024-38080 and CVE-2024-38112, have been highlighted by the Cybersecurity and Infrastructure Security Agency (CISA) in its Known Exploited Vulnerabilities Catalog.

CVE-2024-38080 affects Microsoft’s Hyper-V, a core component used for virtualization in Windows and Windows Server environments. This vulnerability enables a local attacker with basic user permissions to escalate their privileges to gain SYSTEM-level access on the host machine.

While exploitation requires initial local access, the potential consequences of successful exploitation are significant, allowing attackers to compromise the entire virtualized environment.

Two Zero-Day Vulnerabilities Added to CISA’s Known Exploited Vulnerabilities Catalog

Source: CISA

The two vulnerabilities listed by CISA are highly concerning, carrying CVSS scores of 7.8 and 7.5. In a conversation with The Cyber Express, Satnam Narang, Senior Staff Research Engineer at Tenable, shared his view of these two vulnerabilities, stating, “CVE-2024-38080 is an elevation of privilege flaw in Windows Hyper-V. A local, authenticated attacker could exploit this vulnerability to elevate privileges to the SYSTEM level following an initial compromise of a targeted system.”

The second zero-day vulnerability, CVE-2024-38112, targets Microsoft’s MSHTML platform, which is integral to applications like Internet Explorer. This vulnerability involves spoofing, where attackers can deceive users into interacting with malicious content disguised as legitimate. This could lead to the installation of malware, theft of sensitive information, or further compromise of the affected system. 

Microsoft has acknowledged active exploitation of this vulnerability in the wild, though specific details about the attacks remain undisclosed. Discussing CVE-2024-38112, Narang added, “Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.”

Microsoft Patch Tuesday Fixes Several Flaws and Vulnerabilities

These vulnerabilities are part of a broader set of patches released by Microsoft to address 138 CVEs across various products and services. The patch includes fixes for critical vulnerabilities known for their potential to facilitate remote code execution (RCE) and other severe impacts on system security. Among these are flaws affecting Windows Remote Desktop Licensing Service, which could allow remote attackers to execute arbitrary code by sending specially crafted packets to vulnerable servers.

In addition to the actively exploited vulnerabilities, the patch addresses several other security issues, including those affecting .NET, Visual Studio, and Windows 11 on ARM64-based systems. Two of these vulnerabilities, CVE-2024-35264 and CVE-2024-37985, had been publicly disclosed prior to the release of the patches.

CISA’s inclusion of CVE-2024-38080 and CVE-2024-38112 in its Known Exploited Vulnerabilities Catalog highlights the critical nature of these vulnerabilities and the importance of prompt mitigation. Organizations are strongly advised to apply patches as soon as possible to mitigate the risks associated with these vulnerabilities. If immediate patching is not feasible, CISA recommends implementing vendor-provided mitigations or considering discontinuing the use of affected products until patches can be applied.
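As an added illustration (not code from CISA, Microsoft or this article), the Python sketch below shows how a patch team could separate KEV-listed findings from the rest of a scan and rank them by remediation due date. The field names follow the KEV JSON feed; the dates, host names and scanner findings are constructed placeholders, not the catalog's real values.

```python
import json
from datetime import date

# Constructed excerpt in the KEV JSON feed's layout. CVE IDs come from the
# article; dateAdded/dueDate are placeholder values, not the catalog's own.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-38080", "vendorProject": "Microsoft",
   "product": "Windows Hyper-V", "dateAdded": "2024-07-11", "dueDate": "2024-08-01"},
  {"cveID": "CVE-2024-38112", "vendorProject": "Microsoft",
   "product": "Windows MSHTML Platform", "dateAdded": "2024-07-18", "dueDate": "2024-08-08"}
]}
""")

# Constructed scanner output: (host, CVE still unpatched on that host).
FINDINGS = [
    ("hv-host-01", "CVE-2024-38080"),
    ("hv-host-01", "CVE-2024-35264"),   # publicly disclosed, not in the KEV sample
    ("desk-114", "CVE-2024-38112"),
    ("desk-114", "CVE-2024-37985"),     # publicly disclosed, not in the KEV sample
    ("build-07", "cve-2024-38112 "),    # messy casing/whitespace from a CSV export
]

def triage(findings, kev, today):
    """Split findings into KEV-listed (most overdue first) and everything else."""
    index = {v["cveID"].upper(): v for v in kev["vulnerabilities"]}
    kev_hits, other = [], []
    for host, cve in findings:
        cve = cve.strip().upper()          # normalise before the lookup
        entry = index.get(cve)
        if entry is None:
            other.append((host, cve))      # stays on the normal patch cycle
            continue
        due = date.fromisoformat(entry["dueDate"])
        kev_hits.append({"host": host, "cve": cve, "product": entry["product"],
                         "due": due, "days_overdue": (today - due).days})
    kev_hits.sort(key=lambda h: (-h["days_overdue"], h["host"]))
    return kev_hits, other

if __name__ == "__main__":
    hits, rest = triage(FINDINGS, KEV_SAMPLE, today=date(2024, 8, 4))
    for h in hits:
        state = "OVERDUE" if h["days_overdue"] > 0 else "due"
        print(f'{h["host"]:<11} {h["cve"]} {h["product"]:<24} {state} {h["due"]}')
    print("not in KEV sample, normal patch cycle:", rest)
```
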

Microsoft’s July 2024 patch Tuesday release represents a crucial update for system administrators and IT security professionals. The inclusion of actively exploited vulnerabilities such as CVE-2024-38080 and CVE-2024-38112 highlights the evolving threat landscape and the ongoing efforts needed to safeguard against potential cyber threats. By prioritizing these patches and adopting best practices in vulnerability management, organizations can enhance their resilience against emerging security risks in today’s digital environment.
