U.S. Cybersecurity

Winsage
December 12, 2024
Microsoft's Patch Tuesday updates for 2024 addressed 72 security vulnerabilities, including 17 classified as Critical, 52 as Important, and one as Moderate. One vulnerability, CVE-2024-49138, is actively exploited and relates to privilege escalation in the Windows Common Log File System (CLFS) driver. Microsoft has mitigated 1,088 vulnerabilities this year. The flaw allows attackers to gain elevated system privileges and has been recognized by CrowdStrike. It is the fifth actively exploited CLFS privilege escalation vulnerability since 2022 and the ninth patched this year. Microsoft is implementing additional verification steps for log files and has introduced new security mitigations using Hash-based Message Authentication Codes (HMAC). This vulnerability is listed in the Known Exploited Vulnerabilities catalog by CISA, requiring Federal Civilian Executive Branch agencies to remediate it by December 31st. The most critical vulnerability this month is CVE-2024-49112, a remote code execution flaw affecting the Windows Lightweight Directory Access Protocol (LDAP). Other significant remote code execution vulnerabilities include CVE-2024-49117 (Windows Hyper-V), CVE-2024-49105 (Remote Desktop Client), and CVE-2024-49063 (Microsoft Muzic). Users are advised to update their systems promptly and ensure Windows Defender is activated.
Winsage
December 11, 2024
Microsoft has confirmed a zero-day security vulnerability, CVE-2024-49138, which poses a significant risk of full system compromise for Windows devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerability Catalog and recommends immediate action to mitigate risks. CVE-2024-49138 is a heap-based buffer overflow in the Microsoft Windows Common Log File System driver, affecting various editions of Windows since Server 2008. It has a CVSSv3.1 score of 7.8 and is rated Important by Microsoft, with risk-based prioritization suggesting it should be treated as Critical. Evidence indicates that this vulnerability is being exploited in the wild, raising concerns about potential ransomware attacks. Users are urged to update their systems promptly.
Winsage
October 25, 2024
Microsoft has issued an advisory for a critical vulnerability identified as CVE-2024-43573, affecting over 240 million users, primarily targeting Windows 10 and Windows 11. Users are urged to update their systems by October 29, 2024, to avoid significant security threats. The vulnerability is linked to MSHTML, a component of Internet Explorer, and has been associated with infostealer attacks. The U.S. government recommends federal employees prioritize these updates. Trend Micro indicates that this vulnerability shares characteristics with previously patched issues, necessitating the application of the latest Patch Tuesday updates. Users on older Windows systems are advised to upgrade, as Microsoft will discontinue support for Windows 10 in October 2025.
Winsage
October 19, 2024
A new vulnerability, CVE-2024-43573, has been identified in Windows systems, prompting a third urgent advisory from the U.S. government. The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal employees must either implement mitigations or stop using affected products by October 29. This vulnerability is a spoofing issue that could lead to a loss of confidentiality. Approximately 900 million Windows 10 users are at risk as they have not transitioned to Windows 11, and 50 million users are still on older versions. The vulnerability is linked to MSHTML, which can invoke retired Internet Explorer to access malicious URLs. This is the third vulnerability in a series that includes CVE-2024-38112 and CVE-2024-43461, both of which have been exploited in the past months. Users are urged to update their systems promptly to mitigate risks.
Winsage
October 16, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include critical vulnerabilities affecting Microsoft Windows Kernel, Mozilla Firefox, and SolarWinds Web Help Desk. Details of the vulnerabilities:
- CVE-2024-30088 (CVSS score 7.0): A TOCTOU race condition in Microsoft Windows Kernel that could allow an attacker to gain SYSTEM privileges.
- CVE-2024-9680: A critical use-after-free vulnerability in Mozilla Firefox, actively exploited in attacks, which was addressed by an emergency security update.
- CVE-2024-28987 (CVSS score 9.1): A hardcoded credential vulnerability in SolarWinds Web Help Desk that could enable remote unauthenticated attackers to gain unauthorized access.
Federal agencies must address these vulnerabilities by November 5, 2024, in accordance with Binding Operational Directive (BOD) 22-01, which aims to reduce risks from known exploited vulnerabilities.
Winsage
October 9, 2024
Microsoft has released updates addressing a total of 118 vulnerabilities, including two that are actively exploited in the wild. The vulnerabilities are categorized as follows: 3 critical, 113 important, and 2 moderate. Among the 118 flaws, five are publicly known, with two classified as zero-day vulnerabilities:
- CVE-2024-43572 (CVSS score: 7.8) - Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected)
- CVE-2024-43573 (CVSS score: 6.5) - Windows MSHTML Platform Spoofing Vulnerability (Exploitation detected)
Additionally, CVE-2024-43468 is a critical remote code execution flaw in Microsoft Configuration Manager with a CVSS score of 9.8, allowing unauthenticated actors to execute arbitrary commands. Other critical vulnerabilities include:
- CVE-2024-43488 (CVSS score: 8.8) - Visual Studio Code extension for Arduino
- CVE-2024-43582 (CVSS score: 8.1) - Remote Desktop Protocol (RDP) Server
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-43572 and CVE-2024-43573 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply fixes by October 29, 2024.
Winsage
September 19, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include critical vulnerabilities affecting widely used software products. The newly added vulnerabilities are:
- CVE-2024-27348: Apache HugeGraph-Server Improper Access Control Vulnerability
- CVE-2020-0618: Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
- CVE-2019-1069: Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
- CVE-2022-21445: Oracle JDeveloper Remote Code Execution Vulnerability
- CVE-2020-14644: Oracle WebLogic Server Remote Code Execution Vulnerability
CVE-2022-21445 and CVE-2020-14644 both have a CVSS score of 9.8, posing significant risks by allowing unauthenticated attackers to exploit vulnerabilities in Oracle JDeveloper and Oracle WebLogic Server, respectively. CVE-2019-1069 has a CVSS score of 7.8, allowing privilege escalation in Microsoft Windows Task Scheduler. CVE-2020-0618, also scoring 7.8, affects Microsoft SQL Server Reporting Services through improper handling of page requests. CVE-2024-27348, rated at 9.8, allows attackers to bypass sandbox restrictions in Apache HugeGraph-Server. Federal agencies must address these vulnerabilities by October 9, 2024, as per Binding Operational Directive (BOD) 22-01, and private organizations are advised to review the KEV catalog for necessary actions.
Winsage
September 17, 2024
Microsoft has revealed a security vulnerability, CVE-2024-43461, related to the MSHTML Platform in Windows, which allows attackers to spoof web pages. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and set an update deadline of October 7 for Windows PCs. This vulnerability has been exploited alongside CVE-2024-38112, which was reported in July. Check Point noted that attackers have been using Windows Internet Shortcut files to exploit this vulnerability, even on the latest Windows versions. Microsoft recommends that users apply both Security Only updates and Internet Explorer Cumulative updates for comprehensive protection. The exploitation of these vulnerabilities has been linked to the advanced persistent threat group Void Banshee, which uses tactics like luring victims with malicious files. CISA emphasizes the importance of applying mitigations or discontinuing the use of affected products, urging users to update their systems or power them down to avoid vulnerabilities.
Winsage
August 14, 2024
Microsoft has released Patch Tuesday security updates addressing 90 vulnerabilities in the Windows ecosystem, including five critical zero-day vulnerabilities under active cyber attack. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included these vulnerabilities in the Known Exploited Vulnerabilities Catalog, requiring compliance by September 3. The five critical vulnerabilities are:
1. CVE-2024-38178: A memory corruption issue in the Windows scripting engine, allowing remote code execution, affecting Windows 10, Windows 11, and Windows Server 2012 and later, with a severity rating of 7.6.
2. CVE-2024-38213: A bypass of the Windows 'Mark of the Web' security feature, potentially allowing circumvention of SmartScreen protection, affecting Windows 10, Windows 11, and Windows Server 2012 and later.
3. CVE-2024-38193: An elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows 10, Windows 11, and Windows Server 2008 and later, which could lead to SYSTEM privileges.
4. CVE-2024-38106: A Windows kernel elevation of privilege vulnerability affecting Windows 10, Windows 11, and Windows Server 2016 and later, arising from inadequate protection of sensitive data in memory.
5. CVE-2024-38107: A use-after-free elevation of privilege vulnerability in the Windows power dependency coordinator, affecting Windows 10, Windows 11, and Windows Server 2012 and later, which could lead to arbitrary code execution or system control.