Microsoft Warned 6 New Zero-Day Vulnerabilities in Windows

Microsoft Warned: 6 New Zero-Day Vulnerabilities in Windows

Introduction

Microsoft warned users about six newly discovered zero-day vulnerabilities actively being exploited in Windows systems. These vulnerabilities range from remote code execution to privilege escalation, and they highlight ongoing security issues across Microsoft’s operating system. Users are urged to update their systems immediately to protect against potential attacks.

CVE-2024-38178

One of the most critical flaws, CVE-2024-38178, is a memory corruption vulnerability in the Windows Scripting Engine. Microsoft warned that this bug could allow attackers to remotely execute code if a target user is using Microsoft Edge in Internet Explorer Mode. The attack starts when an unauthenticated attacker tricks an authenticated client into clicking a malicious link. This vulnerability was reported by AhnLab and South Korea’s National Cyber Security Center and is actively being exploited.

CVE-2024-38189

Another significant threat is CVE-2024-38189, a remote code execution vulnerability in Microsoft Project. This flaw allows attackers to execute malicious code by tricking users into opening specially crafted Project files. If the system’s settings allow macros to run from the internet, the attacker can take control of the system.

Advertisement Know Tech News

CVE-2024-38106

Microsoft also warned about CVE-2024-38106, a privilege escalation bug in the Windows Kernel. This vulnerability requires the attacker to win a race condition, but successful exploitation could result in the attacker gaining SYSTEM privileges. Although this vulnerability is challenging to exploit, it has been detected in real-world attacks.

CVE-2024-38107

CVE-2024-38107 is another privilege escalation vulnerability affecting the Windows Power Dependency Coordinator, which helps devices wake from sleep. Attackers can exploit this vulnerability locally or by tricking users into performing specific actions, leading to elevated privileges.

CVE-2024-38193

The CVE-2024-38193 flaw impacts the Windows Ancillary Function Driver for WinSock. Like the others, this bug allows privilege escalation and has been exploited in active attacks, although technical details are scarce.

Advertisement Know Tech News

CVE-2024-38213

Lastly, CVE-2024-38213 is a Windows SmartScreen bypass vulnerability. Microsoft warned that attackers could use this flaw to bypass security features and trick users into opening files downloaded from untrusted sources, potentially leading to further exploitation.

Microsoft Warned: Additional Vulnerabilities

In addition to these six zero-day vulnerabilities, Microsoft also patched CVE-2024-38199, a use-after-free flaw in the Windows Line Printer Daemon (LPD) Service. Although LPD has been deprecated for over ten years, this vulnerability can still be exploited by attackers to execute code remotely on vulnerable servers.

Microsoft also addressed other critical issues, including server-side request forgery (SSRF) vulnerabilities in Copilot Studio and Azure Health Bot. These vulnerabilities could expose sensitive information or allow attackers to escalate privileges.

Conclusion

Microsoft warned users about the serious risks posed by these newly discovered zero-day vulnerabilities. To safeguard your system, it is crucial to apply the latest security patches immediately. The continuous rise of zero-day vulnerabilities highlights the importance of staying vigilant and keeping systems up to date.

FAQs

Zero-day refers to a security flaw that is exploited by attackers before the software vendor has issued a patch or fix.

Microsoft warned users about zero-day vulnerabilities as soon as they are identified and releases patches to fix these flaws as part of their security updates.

If you don’t apply the patches, your system could be vulnerable to remote code execution, privilege escalation, or other malicious activities that could compromise your data.

Microsoft did not release specific indicators of compromise (IOCs) for these vulnerabilities, but unusual system behavior or unexpected file changes could be a sign of exploitation.

Regularly updating your system with the latest patches, avoiding suspicious links or files, and using security software can help protect your system from vulnerabilities.

Loading

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x