Microsoft has released security updates to address 61 high-risk vulnerabilities, including two that are critical. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
The UAE Cyber Security Council on Thursday recommended implementing Microsoft updates to avoid any breaches or leaks of your information and personal data.
UAE’s Cybersecurity Report 2024, jointly issued by the UAE Cyber Security Council and CPX Holding, sheds light on a concerning reality: the UAE currently harbours 155,000 vulnerable cyber assets, with 40 percent aged over five years.
This revelation underscores the urgent need for advanced cybersecurity measures, particularly as the nation grapples with escalating cyber threats, including sophisticated attacks like ransomware.
Microsoft vulnerability details
CVE-2024-21334
A remote code execution vulnerability affecting Open Management Infrastructure (OMI), with a CVSSv3 score of 9.8, could allow a remote unauthenticated attacker to access the OMI instance from the Internet and send specially crafted requests to trigger a use-after-free vulnerability.
CVE-2024-21400
A privilege escalation vulnerability impacting Microsoft Azure Kubernetes Service Confidential Container, with a CVSSv3 score of 9.0, could allow an attacker to exploit this vulnerability to steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).
CVE-2024-21407
A remote code execution vulnerability affecting Windows Hyper-V, with a CVSSv3 score of 8.1, could allow an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.
CVE-2024-21426
A remote code execution vulnerability affecting Microsoft SharePoint, with a CVSSv3 score of 7.8, could allow an attacker to perform a remote attack that could enable access to the victim’s information and the ability to alter information, if they convince a user to open a malicious file.
Source: KhaleejTimes
