overview
This week, Microsoft has addressed 59 security vulnerabilities, including two actively exploited zero-days: CVE-2024-30051 and CVE-2024-30040.
CVE-2024-30051 (CVSS 7.8)
This vulnerability is a heap-based buffer overflow in the Windows DWM Core Library. Exploitation can allow attackers to elevate privileges to SYSTEM level. Reports indicate it is being utilized by multiple threat actors, often in conjunction with Qakbot malware. The vulnerability was initially uncovered through a file uploaded to VirusTotal, with exploitation methods similar to the CVE-2023-36033 zero-day exploit.
CVE-2024-30040 (CVSS 8.8)
This vulnerability allows attackers to bypass OLE mitigations in Microsoft 365 and Microsoft Office. Attackers need to convince users to load and manipulate a malicious file, leading to arbitrary code execution in the context of the user. Details about the attack specifics are scarce.
Other notable vulnerabilities fixed in Microsoft’s update include CVE-2024-30044, a critical flaw in SharePoint, and CVE-2024-30050, which involves a bypass of Windows Mark of the Web controls. Organizations should prioritize these updates to mitigate the risk of exploitation.
Action Required: Immediate deployment of the latest patches is crucial to protect systems from these critical vulnerabilities.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION