Microsoft is again pushing a Defender Antivirus update (first issued in April and pulled in May) that fixes a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off. […] Read More
BleepingComputer
Microsoft Patches 6 Zero-Days That Threat Actors Are Actively Exploiting
Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and services, such as Windows, Office, Azure, Dynamics, and Edge.
The high number of zero-day vulnerabilities, especially those already being actively exploited, makes this a particularly critical Patch Tuesday. Organizations are strongly advised to apply these patches as soon as possible to mitigate the risk of exploitation.
The August Patch Tuesday update also includes fixes for several critical vulnerabilities, including flaws in the Windows Reliable Multicast Transport Driver and Windows TCP/IP, both of which could lead to remote code execution.
CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability
This vulnerability allows remote code execution if an authenticated user is tricked into clicking a specially crafted URL while using Microsoft Edge in Internet Explorer Mode. The flaw was reported by AhnLab and South Korea’s National Cyber Security Center, suggesting its use in nation-state APT attacks.
CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
This bug enables attackers to gain SYSTEM privileges on Windows systems. It was discovered by researchers from Gen Digital (formerly Symantec) and is considered a prime target for potential inclusion in ransomware attacks.
CVE-2024-38213: Windows Mark of the Web Security Feature Bypass Vulnerability
This vulnerability allows attackers to bypass the SmartScreen security feature, potentially enabling malicious files to evade detection. A researcher from Trend Micro’s Zero Day Initiative identified it.
CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability
This flaw in the Windows Kernel can be exploited to gain SYSTEM privileges. Successful exploitation requires the attacker to win a race condition, which, despite being classified as “high complexity,” has proven to be readily exploitable in the wild.
CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Another privilege escalation vulnerability, this bug affects the Windows Power Dependency Coordinator, a component of Modern Standby. Exploitation can lead to SYSTEM-level access.
CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
This unusual remote code execution flaw in Microsoft Project can be exploited through maliciously crafted files. It requires certain security features to be disabled but has nonetheless been observed in active attacks.
Organizations and individuals are strongly advised to apply the latest security updates as soon as possible to mitigate the risk of exploitation.
Microsoft has not provided detailed information about the extent of these exploits in the wild, but security experts warn that some of these vulnerabilities could quickly become targets for ransomware operations if they aren’t already.
In addition to the six actively exploited zero-days, Microsoft also patched three other publicly disclosed vulnerabilities and is working on a fix for a tenth publicly known zero-day.
As always, users and system administrators are encouraged to review the full list of patched vulnerabilities and prioritize updates based on their specific risk profiles and system configurations.
The post Microsoft Patches 6 Zero-Days That Threat Actors Are Actively Exploiting appeared first on Cyber Security News.
Marriott settles with FTC, to pay $52 million over data breaches
Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. […] Read More
Microsoft Office Spoofing Vulnerability Lets Attackers Steal Sensitive Data
Microsoft has disclosed a significant security vulnerability in its Office suite, identified as CVE-2024-38200, which could potentially allow attackers to access sensitive information.
This spoofing vulnerability affects multiple versions of Microsoft Office, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise, across both 32-bit and 64-bit systems.
The vulnerability, rated with a CVSS score of 7.5 and classified under CWE-200 (exposure of sensitive information to an unauthorized actor), is considered important because of its potential to expose sensitive information to unauthorized actors.
Despite the high severity, Microsoft has assessed the likelihood of exploitation as “less likely,” indicating that while the threat is serious, immediate widespread exploitation is not anticipated.
In a typical attack scenario, an attacker could host a malicious website or compromise an existing one to deliver a specially crafted file to the victim.
The attacker would need to persuade the user to visit the website and open the file, often through deceptive emails or instant messages. This method relies on user interaction, which is a critical factor in its exploitability.
Microsoft has already implemented an alternative fix via Feature Flighting as of July 30, 2024, to protect users on all supported versions of Microsoft Office and Microsoft 365.
However, the company advises users to apply the upcoming formal patch on August 13, 2024, for comprehensive protection.
To mitigate the risk, Microsoft recommends several strategies:
Restrict NTLM Traffic: Configure the network security policy to block or audit outgoing NTLM traffic to remote servers.
Protected Users Security Group: Add high-value accounts to this group to prevent NTLM usage.
Block TCP 445/SMB: Use firewalls to block outbound traffic on this port, reducing exposure to NTLM authentication messages.
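The three mitigations above as a single host-hardening script, added here as an example (it is not code from the article or from Microsoft). It assumes an elevated PowerShell session, the ActiveDirectory module for the Protected Users step, and a placeholder account name; the NTLM policy is set to Audit first so that event 8001 entries in the NTLM operational log reveal legitimate dependencies before switching to Deny.

```powershell
# Added example: check and apply the NTLM, SMB and Protected Users mitigations.
# "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" lives
# in this registry value: 0 = Allow all (weak), 1 = Audit all, 2 = Deny all.
$NtlmKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$NtlmValue = 'RestrictSendingNTLMTraffic'

function Get-OutgoingNtlmPolicy {
    $current = (Get-ItemProperty -Path $NtlmKey -Name $NtlmValue -ErrorAction SilentlyContinue).$NtlmValue
    switch ($current) {
        1       { 'Audit all' }
        2       { 'Deny all' }
        default { 'Allow all (not configured or 0)' }   # the weak default
    }
}

function Set-OutgoingNtlmPolicy {
    param([ValidateSet('Audit', 'Deny')][string]$Mode)
    # Audit logs every outgoing NTLM authentication as event 8001 in
    # Microsoft-Windows-NTLM/Operational without breaking anything; review those
    # events, fix the dependencies they reveal, then move to Deny.
    $value = if ($Mode -eq 'Audit') { 1 } else { 2 }
    New-ItemProperty -Path $NtlmKey -Name $NtlmValue -PropertyType DWord -Value $value -Force | Out-Null
}

function Get-OutgoingNtlmAuditEvents {
    # Remote servers this host authenticated to with NTLM while in Audit mode.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-NTLM/Operational'; Id = 8001 } `
        -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
}

function Block-OutboundSmb {
    # Outbound TCP 445 blocked, so NTLM authentication over SMB cannot leave the host.
    $name = 'Block outbound SMB (TCP 445)'
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Protocol TCP `
            -RemotePort 445 -Action Block -Profile Any | Out-Null
    }
}

function Add-ToProtectedUsers {
    # Members of Protected Users cannot authenticate with NTLM at all.
    param([string]$SamAccountName = 'PLACEHOLDER-ADMIN')   # placeholder, not a real account
    Add-ADGroupMember -Identity 'Protected Users' -Members $SamAccountName
}

"Outgoing NTLM policy before: $(Get-OutgoingNtlmPolicy)"
Set-OutgoingNtlmPolicy -Mode Audit
"Outgoing NTLM policy after:  $(Get-OutgoingNtlmPolicy)"
Block-OutboundSmb
```

Run `Get-OutgoingNtlmAuditEvents` after a few days in Audit mode; an empty result means `Set-OutgoingNtlmPolicy -Mode Deny` can be applied without disrupting legitimate authentication.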
The discovery of this vulnerability is credited to Jim Rush from PrivSec Consulting and Metin Yunus Kandemir from Synack Red Team. Further insights are expected from Rush’s presentation at DEF CON 2024, where he will discuss this and other vulnerabilities.
Microsoft continues to work on addressing additional vulnerabilities, emphasizing the importance of keeping systems updated to prevent exploitation. Users are encouraged to remain vigilant and apply security patches promptly to safeguard their data.
The post Microsoft Office Spoofing Vulnerability Lets Attackers Steal Sensitive Data appeared first on Cyber Security News.