Windows MSHTML zero-day actively exploited

Home/BOTNET, Exploitation, Malware, Security Advisory, Security Update, vulnerability, windows, Zero Day Attack/Windows MSHTML zero-day actively exploited

Windows MSHTML zero-day actively exploited

Adobe’s September 2024 updates fixed 28 vulnerabilities, including a critical ColdFusion flaw (CVSS 9.8). Other affected products include Photoshop, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder. These updates are crucial due to the high risk of exploitation.

Windows MSHTML zero-day

Microsoft released 79 security patches this month, with seven labeled as critical, 71 as important, and one as moderate.

This month’s patch volume is similar to last month’s, with a critical Windows 10 remote code execution flaw (CVE-2024-43491) in the Servicing Stack allowing attackers to downgrade components and execute malicious code.

While not yet exploited, it underscores the importance of applying the latest updates, including KB5043936 and KB5043083. Recent patches also address vulnerabilities in Microsoft Publisher and Windows.

CVE-2024-38226: Attackers can exploit this vulnerability by tricking users into opening a specially crafted Publisher file, bypassing macro policies and enabling code execution.

CVE-2024-38217: This MoTW bypass vulnerability could be used by ransomware groups, particularly targeting crypto traders.

CVE-2024-38014: A flaw in Windows Installer allows attackers to elevate privileges to SYSTEM undetected.

CVE-2024-43461: A spoofing vulnerability in the MSHTML platform can be exploited for remote code execution.

Both vulnerabilities are actively being exploited, and patches should be applied immediately. Microsoft has released critical updates for SharePoint, Azure Stack Hub, TCP/IP, Remote Desktop Licensing Service, SQL Server Native Scoring, Azure CycleCloud, and Power Automate Desktop.

Recommendation

These vulnerabilities can result in code execution, privilege escalation, and other security risks. Organizations are urged to apply the patches to prevent potential breaches. The update also fixes 30 Elevation of Privilege (EoP) bugs, 2 Security Feature Bypass (SFB) bugs, and 11 information disclosure vulnerabilities, along with addressing spoofing and denial-of-service (DoS) risks, including a DoS issue in Hyper-V affecting both guest and host OS.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

Post Views: 267
By | 2024-09-23T07:53:24+05:30 September 16th, 2024|BOTNET, Exploitation, Malware, Security Advisory, Security Update, vulnerability, windows, Zero Day Attack|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!