
Wednesday, 11 September 2024 11:32

Tenable patch Tuesday comment

By Satnam Narang, senior staff research engineer, Tenable

GUEST OPINION: This month, Microsoft patched two zero-day vulnerabilities that can bypass security features in Microsoft Office and Windows Mark of the Web. Both vulnerabilities were exploited in the wild, though specifics about these attacks were not publicly disclosed. Given the prevalence of Microsoft Office and Windows Mark of the Web, these vulnerabilities should be at the top of the remediation list.

CVE-2024-38226 is a flaw in Microsoft Publisher, a standalone application that is also included in some versions of Microsoft Office. CVE-2024-38217 is a vulnerability in Mark of the Web, an important security feature in Microsoft Windows that flags or blocks content from files downloaded from the internet.

Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running. In both cases, the target needs to be convinced to open a specially crafted file from an attacker-controlled server. Where they differ is that an attacker would need to be authenticated to the system and have local access to it to exploit CVE-2024-38226.

CVE-2024-38217 is the second zero-day vulnerability in Mark of the Web that was exploited in the wild. In August, Microsoft published an advisory for CVE-2024-38213, which was actually fixed as part of its June 2024 Patch Tuesday release, but it was “inadvertently omitted” from that release. CVE-2024-38213, also known as “Copy2Pwn,” was linked to the DarkGate campaign, which included the use of another zero-day vulnerability – CVE-2024-21412. Water Hydra, the advanced persistent threat (APT) group behind the DarkGate campaign, appears to have a penchant for discovering and exploiting zero-day security feature bypass vulnerabilities, though it is unclear if CVE-2024-38217 is attributable to the group.

Microsoft also fixed CVE-2024-38014, a Windows Installer elevation of privilege flaw that was also exploited in the wild as a zero-day. Flaws like CVE-2024-38014 are part of post-compromise activity, whereby an attacker has obtained access to a target system and will exploit these types of vulnerabilities in order to elevate privileges to enable further compromise. How these attackers gain access to these systems can vary, whether it’s through exploitation of other vulnerabilities, spear phishing or brute force attacks. Because elevation of privilege vulnerabilities are related to post-compromise activity, they may not receive as much attention as remote code execution bugs, but they are highly valuable to attackers, who can use them to inflict more damage or compromise more data. It is important for organizations to ensure they patch these flaws to cut off attack paths and prevent future compromise.

In addition to these zero-day vulnerabilities, Microsoft also corrected a vulnerability in its Servicing Stack that led to the rollback of fixes for specific versions of Windows 10 affecting some Optional Components. Identified as CVE-2024-43491, it is labelled as “Exploitation Detected” which implies that it was exploited in the wild. However, it appears to be labelled this way because the rollback of fixes reintroduced vulnerabilities in the Optional Components that were previously known to be exploited. To correct this issue, users need to apply both the September 2024 Servicing Stack Update and the September 2024 Windows Security Updates.
