Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category.


Microsoft warned Tuesday of six actively exploited Windows security defects, highlighting ongoing struggles with zero-day attacks across its flagship operating system.

Redmond’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and raised eyebrows when it marked a half-dozen flaws in the actively exploited category.

Here’s the raw data on the six newly patched zero-days:

CVE-2024-38178 — A memory corruption vulnerability in the Windows Scripting Engine allows remote code execution: an unauthenticated attacker can trigger it if an authenticated user is tricked into clicking a link. According to Microsoft, successful exploitation requires the attacker to first prepare the target so that it uses Edge in Internet Explorer Mode. CVSS 7.5/10.

This zero-day was reported by AhnLab and South Korea’s National Cyber Security Center, suggesting it was used in a nation-state APT compromise. Microsoft did not release IOCs (indicators of compromise) or any other data to help defenders hunt for signs of infection.

CVE-2024-38189 — A remote code execution flaw in Microsoft Project is being exploited via maliciously rigged Microsoft Office Project files. The attack works on systems where the ‘Block macros from running in Office files from the Internet’ policy is disabled and the ‘VBA Macro Notification Settings’ policy is not enabled, allowing the attacker to execute code remotely. CVSS 8.8/10.
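The two settings named above are both Group Policy controls that land in the registry, so a defender can audit them directly. The PowerShell below is an added example, not code from the SecurityWeek article or from Microsoft; it reads the per-user policy and Trust Center values for Office 16.0 and flags a machine that matches the exposure conditions the advisory describes (block policy not enabled and the VBA notification policy not configured). The Project application key name ‘ms project’ and the 16.0 version path are assumptions to confirm on your own build.

```powershell
# Added example (not from the article or Microsoft). Reports the Office
# settings that CVE-2024-38189 exploitation depends on, for Microsoft Project.
# Assumptions: Office 16.0 registry layout; Project's key name is 'ms project'.

$officeVersion = '16.0'
$app           = 'ms project'   # assumption: confirm on your build

# Policy-managed values (set by Group Policy / Intune) live under Policies.
$policyPath = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
# User Trust Center values live under the non-policy hive.
$userPath   = "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security"

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# "Block macros from running in Office files from the Internet": 1 = enabled.
$blockPolicy     = Get-RegValue $policyPath 'blockcontentexecutionfrominternet'
# "VBA Macro Notification Settings" policy writes VBAWarnings under Policies.
# 1 = enable all, 2 = disable with notification, 3 = signed only, 4 = disable all.
$vbaPolicy       = Get-RegValue $policyPath 'VBAWarnings'
# Same value name under the user hive reflects the Trust Center choice.
$vbaUserSetting  = Get-RegValue $userPath   'VBAWarnings'

$report = [pscustomobject]@{
    Application                   = $app
    BlockMacrosFromInternetPolicy = if ($null -eq $blockPolicy) { 'not configured' } else { $blockPolicy }
    VBANotificationPolicy         = if ($null -eq $vbaPolicy)   { 'not enabled' }    else { $vbaPolicy }
    VBAWarningsUserSetting        = if ($null -eq $vbaUserSetting) { 'default' }     else { $vbaUserSetting }
    # Matches the advisory's wording: block policy disabled AND notification policy not enabled.
    MatchesExposureConditions     = ($blockPolicy -ne 1) -and ($null -eq $vbaPolicy)
}

$report | Format-List
```

Run it in the context of the user whose Office configuration you want to audit, since both hives are per-user; a value of 1 for the block policy is the enforced state the advisory assumes, and a missing VBAWarnings policy means the user’s own Trust Center choice governs macro behaviour.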

CVE-2024-38107 — A privilege escalation flaw in the Windows Power Dependency Coordinator is rated “important” with a CVSS severity score of 7.8/10. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said, without providing any IOCs or additional exploit telemetry.

CVE-2024-38106 — Exploitation has been detected targeting this Windows kernel elevation of privilege flaw, which carries a CVSS severity score of 7.0/10. “Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” This zero-day was reported anonymously to Microsoft.


CVE-2024-38213 — Microsoft describes this as a Windows Mark of the Web security feature bypass being exploited in active attacks. “An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience.”
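Mark of the Web is the Zone.Identifier alternate data stream that Windows attaches to downloaded files; SmartScreen and Office Protected View key off it, which is why a bypass that strips or avoids it matters. The PowerShell below is an added example, not code from the article or from Microsoft: it walks a folder and reports, for each file, whether the stream is present and which zone and referrer it records, so a defender can spot downloaded content that arrived without the mark. The default folder path is an assumption.

```powershell
# Added example (not from the article or Microsoft). Inventories Mark of the Web
# (Zone.Identifier ADS) on files under a folder. ZoneId 3 = Internet,
# 4 = Restricted sites; a downloaded file with no stream gets no MotW-based
# SmartScreen or Protected View handling. Folder default is an assumption.

param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads')
)

function Get-MotwInfo([System.IO.FileInfo]$File) {
    $zoneId   = $null
    $referrer = $null
    $hostUrl  = $null
    # Reading the named stream fails harmlessly when the file has no MotW.
    $stream = Get-Content -LiteralPath $File.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($stream) {
        foreach ($line in $stream) {
            if     ($line -match '^ZoneId=(\d+)')     { $zoneId   = [int]$Matches[1] }
            elseif ($line -match '^ReferrerUrl=(.+)') { $referrer = $Matches[1] }
            elseif ($line -match '^HostUrl=(.+)')     { $hostUrl  = $Matches[1] }
        }
    }
    [pscustomobject]@{
        File        = $File.FullName
        HasMotW     = [bool]$stream
        ZoneId      = $zoneId
        ReferrerUrl = $referrer
        HostUrl     = $hostUrl
    }
}

Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Get-MotwInfo $_ } |
    Sort-Object HasMotW, File |
    Format-Table -AutoSize
```

Files that should have come from the Internet but show HasMotW as False (or a ZoneId other than 3) are the ones worth a closer look; the stream only exists on NTFS volumes, so the script reports nothing useful for files on FAT or exFAT media.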

CVE-2024-38193 — An elevation of privilege security defect in the Windows Ancillary Function Driver for WinSock is being exploited in the wild. Technical details and IOCs are not available. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said.

Microsoft also urged Windows sysadmins to pay urgent attention to a batch of critical-severity issues that expose users to remote code execution, privilege escalation, cross-site scripting and security feature bypass attacks.

These include a major flaw in the Windows Reliable Multicast Transport Driver (RMCAST) that brings remote code execution risks (CVSS 9.8/10); a severe Windows TCP/IP remote code execution flaw with a CVSS severity score of 9.8/10; two separate remote code execution issues in Windows Network Virtualization; and an information disclosure issue in the Azure Health Bot (CVSS 9.1).


Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
