overview
Microsoft has issued patches for over 60 vulnerabilities across its Windows ecosystem. Of particular concern are two critical HyperV vulnerabilities in Microsoft’s hypervisor, CVE-2024-21407 (CVSS 8.1) and CVE-2024-21408 (CVSS 5.5), which expose systems to remote code execution (RCE) and denial-of-service (DoS) attacks.
CVE-2024-21407 is an RCE vulnerability that allows an authenticated attacker on a guest VM to execute specially crafted file operations, potentially leading to remote code execution on the host server.
Meanwhile, CVE-2024-21408 is HyperV vulnerability that allows for DoS attacks. In this scenario, user interaction is not necessary, and only minimal privileges are required for the attacker to disrupt the system, potentially leading to a system crash.
Also, Microsoft Exchange Server faces code execution issues with the vulnerability CVE-2024-26198 (CVSS 8.8). To exploit this vulnerability, the attacker must place a malicious file either in an online directory or on the local network, then persuade a user to open the file, initiating the exploit.
While there's no evidence of active exploits, it's important for organizations to prioritize updating. Stay vigilant and apply patches as soon as possible.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION