- "AI 경쟁에서 CIO가 풀어야 할 과제 4가지는..." 가트너
- Track US election results on your iPhone, iPad or Apple Watch - here's how
- How to Become a Chief Information Officer: CIO Cheat Sheet
- 3 handy upgrades in MacOS 15.1 - especially if AI isn't your thing (like me)
- Your Android device is vulnerable to attack and Google's fix is imminent
Microsoft Patches 150 Flaws Including Two Zero-Days
This month’s Patch Tuesday security update round from Microsoft was a busy one, with 150 CVEs fixed including two zero-days actively exploited in attacks.
The two zero-days are CVE-2024-29988 and CVE-2024-26234.
“Microsoft fixed a SmartScreen Prompt security feature bypass vulnerability this month with CVE-2024-29988, which is credited to some of the same researchers that disclosed a similar flaw in February (CVE-2024-21412) that was exploited as a zero-day,” explained Satnam Narang, senior staff research engineer at Tenable. “Social engineering through direct means (email and direct messages) that requires some type of user interaction is a typical route for exploitation for this type of flaw.”
The second zero-day is described as a “proxy driver spoofing” bug, but the flaw was initially not reported by Microsoft as being under live exploitation. That has changed after notification by Sophos.
Read more on Patch Tuesday: Microsoft Fixes Two Zero-Days in February Patch Tuesday
In total, there were just three critical-rated vulnerabilities patched this month by Microsoft – CVE-2024-29053, CVE-2024-21322 and CVE-2024-21323. All of these are listed as Microsoft Defender for IoT remote code execution vulnerabilities.
“These vulnerabilities have been critically rated for their potential impact on the confidentiality, integrity and availability of the systems they afflict. Stemming from an absolute path traversal flaw, as categorized by the Common Weakness Enumeration (CWE-36), these vulnerabilities expose a pathway for attackers to access and manipulate directories and files located beyond the web root folder,” explained Action1 president, Mike Walters.
“The exploitation of such vulnerabilities could empower an attacker to remotely execute arbitrary code on a victim’s system. The implications of this are profound, ranging from full system control, service disruptions, sensitive data leakage, to further network propagation.”
Of the 60+ remote code execution (RCE) flaws fixed this month, more than half are found in SQL drivers.