Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Microsoft Warns of Windows Hyper-V Zero-Day Being Exploited

Patch Tuesday: Microsoft patches more than 140 security vulnerabilities in the Windows ecosystem, including a pair of exploited zero-days.

Software giant Microsoft on Tuesday rolled a massive batch of updates to fix security flaws in the Windows ecosystem and warned that attackers are already exploiting a Windows Hyper-V privilege escalation bug in the wild.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in a barebones bulletin that marks the Hyper-V issue in the “exploitation detected” category.

The Windows Hyper-V vulnerability, tagged as CVE-2024-38080, was anonymously reported to Redmond’s security response center. It carries a CVSS severity score of 7.8/10.

Microsoft did not share any additional details on the observed attacks or any data or telemetry to help defenders hunt for signs of infection. 

Separately, the company called urgent attention to a Windows MSHTML Platform spoofing vulnerability (CVE-2024-38112) that’s also marked as exploited in the wild.

“Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker would have to send the victim a malicious file that the victim would have to execute,” Microsoft said.

The two exploited zero-days headline a massive batch of Patch Tuesday releases that includes fixes for more than 140 vulnerabilities across the Windows ecosystem.  Of the 143 documented bugs, five are rated critical, Microsoft’s highest severity rating.

Security experts are urging Windows sysadmins to pay special attention to a critical remote code execution vulnerability — CVE-2024-38023 — in Microsoft Office SharePoint that’s likely to be exploited by attackers.

Advertisement. Scroll to continue reading.

THe Office SharePoint flaw could allow an authenticated attacker with Site Owner permissions or higher to upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file’s parameters. 

“This would enable the attacker to perform remote code execution in the context of the SharePoint Server,” Microsoft confirmed, noting that an authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

The Microsoft patches also provide cover for critical-severity remote code execution flaws in Windows Imaging Component and Windows Desktop Remote Licensing.

Microsoft’s patches come on the same day software maker Adobe shipped critical-severity patches for security defects in the Adobe Premiere Pro, Adobe InDesign and Adobe Bridge product lines.

“Successful exploitation could lead to arbitrary code execution,” the company warned. The Adobe issues affect both Windows and macOS users.

Related: Microsoft’s Security Chickens Have Come Home to Roost 

Related: BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol

Related: SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

Related: Adobe Ships Hefty Batch of Security Patches 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Check Point Software has appointed Nadav Zafrir as Chief Executive Officer

BlackFog has named Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales

Former NSA cybersecurity chief Rob Joyce has joined Sandfly Security's Advisory Board.

More People On The Move

Expert Insights