Windows MSHTML Zero-Day Exploited in Active Attacks

Adobe released patches for eight products in September, addressing 28 vulnerabilities. Critical-rated code execution bugs were found in ColdFusion, Acrobat, Reader, Photoshop, and Illustrator; the ColdFusion patch is particularly urgent due to its high CVSS score.

Adobe released security updates for Premiere Pro, After Effects, Audition, and Media Encoder to address a total of 16 vulnerabilities, including five Critical-rated bugs. None of the vulnerabilities were publicly known or actively exploited, but Adobe recommends applying the updates immediately.

Microsoft has disclosed 79 new vulnerabilities in various Windows and Office products this month, which affect components such as Windows Hyper-V, Azure, and SQL Server.

The software release includes 78 patches, of which 7 are critical and 71 are important. This high number of critical patches, especially those under active attack, is unusual and aligns with the volume seen last month.

The security researcher believes that more vulnerabilities are being actively exploited than officially reported, and they will examine specific vulnerabilities in detail to provide a better understanding of the current threat landscape.

Microsoft’s servicing stack update introduced a vulnerability in Windows 10 optional components that allows potential remote code execution. Admins must install both the servicing stack update and the security update to mitigate the risk.

CVE-2024-38226 allows attackers to bypass macro policies in Microsoft Publisher with specially crafted files; if a target opens such a file, malicious code can be executed on their system.

A publicly known vulnerability in Windows’ Mark of the Web security feature has been exploited to bypass its protection. The attack, likely carried out by ransomware gangs targeting crypto traders, involves exploiting a flaw in MoTW’s implementation to execute malicious code. 

A critical privilege escalation vulnerability in Windows Installer (CVE-2024-38014) allows attackers to gain SYSTEM-level privileges without user interaction. It is actively exploited in the wild, so patching should be prioritized immediately to prevent unauthorized access and potential system takeover.

Microsoft’s previous patch for the MSHTML platform spoofing vulnerability has been bypassed, allowing threat actors to exploit the same flaw, which affects all supported versions of Windows and is currently being actively exploited in the wild.

A SharePoint vulnerability, discovered by ZDI, allows code execution due to improper validation of serialized SPThemes instances. Azure Stack Hub and NAT also have critical bugs but require specific conditions or access for exploitation.

Microsoft released a security update to address code execution vulnerabilities in TCP/IP, Remote Desktop Licensing Service, and SQL Server Native Scoring. Enterprises should prioritize patching, especially those using NetNAT or OLE DB Driver 18 or 19.

This month’s Patch Tuesday includes numerous critical vulnerabilities, including privilege escalation in Azure CycleCloud, RCE in Power Automate Desktop and SharePoint, and EoP in SQL Server and PowerShell.

September’s Windows update addresses two security feature bypass (SFB) bugs involving web browsing, one in Zone Mapping and another in SmartScreen. It also fixes 11 information disclosure bugs, two of which could leak sensitive data or file content. iOS users should manually update Outlook for this fix.

The release also addresses spoofing and denial-of-service vulnerabilities in various Windows components. The spoofing bugs allow attackers to impersonate legitimate users or services, while the DoS vulnerabilities can disrupt network and server functionality.
