REDLEGG BLOG

Patch Tuesday - February 2024

2/13/24 4:02 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and requiring immediate attention.

VULNERABILITIES

Internet Shortcut Files Security Feature Bypass Vulnerability

Identifier: CVE-2024-21412
Exploit or POC: Yes (Actively Being Exploited)
Update: CVE-2024-21412 – Security Update Guide
Description: CVE-2024-21412 allows for security feature bypassing. User interaction is required to successfully exploit this vulnerability. An adversary attempting to exploit this vulnerability would be required to employ social engineering tactics to convince an unwitting user to click on the file link. Successful exploitation could allow an unauthenticated adversary to send a specially crafted file to a target user that is designed to circumvent displayed security checks.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21412 – Security Update Guide.

 

Windows SmartScreen Security Feature Bypass Vulnerability

Identifier: CVE-2024-21351
Exploit or POC: Yes (Actively Being Exploited)
Update: CVE-2024-21351 – Security Update Guide
Description: CVE-2024-21351 allows for security feature bypassing. User interaction is required to successfully exploit this vulnerability. This vulnerability could allow an adversary to inject code into SmartScreen to achieve code execution. Successful exploitation of this vulnerability could allow an adversary to send a targeted user a malicious file and entice an unwitting user into opening the file.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21351 – Security Update Guide.

 

Microsoft Exchange Server Elevation of Privilege Vulnerability

Identifier: CVE-2024-21410
Exploit or POC: No instances of attempts to exploit reported.
Update: CVE-2024-21410 – Security Update Guide
Description: CVE-2024-21410 allows for elevation of privileges. User interaction is not required to successfully exploit this vulnerability. This vulnerability could allow an adversary to target an NTLM client (e.g. Outlook) with an NTLM credentials-leaking type vulnerability. The adversary could then relay the leaked credentials against the Exchange server to secure privileges as the victim client and perform operations.
Mitigation recommendation: Mitigation steps listed here – CVE-2024-21410 – Security Update Guide

 

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

Identifier: CVE-2024-21401
Exploit or POC: No instances of attempts to exploit reported.
Update: CVE-2024-21401 – Security Update Guide
Description: CVE-2024-21401 allows for elevation of privileges. Successful exploitation of this vulnerability does not require authentication or user interaction. CVE-2024-21401 could allow an adversary to run a script and grant access to a targeted Jira server over the internet.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21401 – Security Update Guide.

 

Microsoft Outlook Remote Code Execution Vulnerability

Identifier: CVE-2024-21413
Exploit or POC: No instances of attempts to exploit reported.
Update: CVE-2024-21413 – Security Update Guide
Description: CVE-2024-21413 allows for remote code execution. Successful exploitation of this vulnerability does not require user interaction. This vulnerability could allow an adversary to circumvent the Office Protected View and secure read and write permissions.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21413 – Security Update Guide.

 

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

Identifier: CVE-2024-21364
Exploit or POC: No instances of attempts to exploit reported.
Update: CVE-2024-21364 – Security Update Guide
Description: CVE-2024-21364 allows for elevation of privileges. User interaction is not required to successfully exploit this vulnerability. CVE-2024-21364 could allow an adversary with local access to a machine with Azure Site Recovery (ASR) to execute code that allows elevated privileges to the IUSR (Anonymous User Identity).
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21364 – Security Update Guide.

 

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Identifier: CVE-2024-21376 & CVE-2024-21403
Exploit or POC: No instances of attempts to exploit reported.
Update: CVE-2024-21376 – Security Update Guide and CVE-2024-21403 – Security Update Guide
Description: CVE-2024-21376 & CVE-2024-21403 allow for elevation of privileges. Successful exploitation of the vulnerabilities listed above does not require authentication or user interaction. These vulnerabilities could allow an adversary to gain access to the untrusted AKS Kubernetes node and AKS Confidential Container to take control of the containers and confidential guests that could potentially be bound to the network stack.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21376 – Security Update Guide and CVE-2024-21403 – Security Update Guide.

 

Windows Kernel Elevation of Privilege Vulnerability

Identifier: CVE-2024-21345
Exploit or POC: No instances of attempts to exploit reported.
Update: CVE-2024-21345 – Security Update Guide
Description: CVE-2024-21345 allows for elevation of privileges. Successful exploitation of this vulnerability does not require user interaction. This vulnerability could allow an authenticated adversary to launch an application that could grant control of the targeted destination and source copy, thereby securing SYSTEM privileges.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21345 – Security Update Guide.
