*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.
VULNERABILITIES
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Identifier: CVE-2024-29990
Exploit or POC: No
Update: CVE-2024-29990 – Security Update Guide
Description: CVE-2024-29990 allows for elevation of privileges. Authentication and user interaction are not required for successful exploitation of this vulnerability. This vulnerability could allow an adversary to access Azure Kubernetes Container Services (i.e. AKS node and Confidential Container) to achieve control over confidential guest accounts and containers beyond the AKS (Azure Kubernetes Service) security scope. Subsequently, also allowing for credential theft.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-29990 – Security Update Guide.
SmartScreen Prompt Security Feature Bypass Vulnerability
Identifier: CVE-2024-29988
Exploit or POC: No
Update: CVE-2024-29988 – Security Update Guide
Description: CVE-2024-29988 allows for security bypassing. User interaction is required to successfully exploit this vulnerability. This vulnerability requires that an adversary employ social engineering tactics to convince an unwitting user to launch malicious files using a launcher application that mandates the UI does not display.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-29988 – Security Update Guide.
Microsoft Defender for IoT Remote Code Execution Vulnerability
Identifier: CVE-2024-29053
Exploit or POC: No
Update: CVE-2024-29053 – Security Update Guide
Description: CVE-2024-29053 allows for remote code execution. This vulnerability does not require user interaction however, authentication is a prerequisite for successful exploitation. The successful exploitation of this vulnerability could allow an adversary to upload malicious files to confidential locations on the target server.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-29053 – Security Update Guide.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Identifier: CVE-2024-20678
Exploit or POC: No
Update: CVE-2024-20678 – Security Update Guide
Description: CVE-2024-20678 allows for remote code execution. This vulnerability does not require user interaction or administrative privileges for exploitation. The successful exploitation of this vulnerability could allow an authenticated adversary to send specially crafted RPC calls to an RPC host. Thereby triggering arbitrary code execution on the server side with equivalent permissions to the RPC service.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-20678 – Security Update Guide.
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Identifier: CVE-2024-26179
Exploit or POC: No
Update: CVE-2024-26179 – Security Update Guide
Description: CVE-2024-26179 allows for remote code execution. User interaction is required for successful exploitation. This vulnerability can be exploited after a user has initiated connection to a malicious server. Thus, allowing an adversary to achieve remote code execution on the target user environment.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-26179 – Security Update Guide.
Win32k Elevation of Privilege Vulnerability
Identifier: CVE-2024-26241
Exploit or POC: No
Update: CVE-2024-26241 – Security Update Guide
Description: CVE-2024-26241 allows for elevation of privileges. The successful exploitation of this vulnerability does not require user interaction. This vulnerability could allow an adversary to achieve SYSTEM privileges following successful exploitation.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-26241 – Security Update Guide.
Secure Boot Security Feature Bypass Vulnerability
Identifier: CVE-2024-28903 & CVE-2024-28921
Exploit or POC: No
Update: CVE-2024-28903 – Security Update Guide & CVE-2024-28921 – Security Update Guide
Description: CVE-2024-28903 & CVE-2024-28921 allow for security bypassing. Successful exploitation of this vulnerability does not require user interaction. This vulnerability could allow an adversary to bypass Secure Boot.
Mitigation recommendation: Patching is currently the only method of mitigation. Please update to the latest software versions listed in the CVE-2024-28903 – Security Update Guide and the CVE-2024-28921 – Security Update Guide.
