
Patch Tuesday - March 2024

3/12/24 4:22 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and requiring immediate attention.

VULNERABILITIES

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Identifier: CVE-2024-21334
Exploit or POC: No
Update: CVE-2024-21334 – Security Update Guide
Description: CVE-2024-21334 allows for remote code execution. Authentication and user interaction are not required to exploit this vulnerability. Successful exploitation could allow an adversary to access the OMI instance from the Internet and send specially crafted requests that trigger a use-after-free vulnerability.
Mitigation recommendation: Mitigation steps listed here: CVE-2024-21334 – Security Update Guide

 

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Identifier: CVE-2024-21400
Exploit or POC: No
Update: CVE-2024-21400 – Security Update Guide
Description: CVE-2024-21400 allows for elevation of privileges. Authentication and user interaction are not required for successful exploitation. This vulnerability could allow an adversary to access the untrusted AKS Kubernetes node and the AKS Confidential Container to take over confidential containers and guests beyond the network stack.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21400 – Security Update Guide.

 

Microsoft Exchange Server Remote Code Execution Vulnerability

Identifier: CVE-2024-26198
Exploit or POC: No
Update: CVE-2024-26198 – Security Update Guide
Description: CVE-2024-26198 allows for remote code execution. Successful exploitation of this vulnerability requires user interaction. This vulnerability could allow an unauthenticated adversary to place a specially crafted file on an online directory or inside a local network and then employ social engineering techniques to convince an unwitting user to open the malicious file, subsequently loading the malicious DLL and initiating arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-26198 – Security Update Guide.

 

Skype for Consumer Remote Code Execution Vulnerability

Identifier: CVE-2024-21411
Exploit or POC: No
Update: CVE-2024-21411 – Security Update Guide
Description: CVE-2024-21411 allows for remote code execution. Successful exploitation of this vulnerability requires user interaction. This vulnerability could allow an adversary to send a target user a malicious link or image and entice the user to click the link or image.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21411 – Security Update Guide.

 

Microsoft ODBC Driver Remote Code Execution Vulnerability

Identifier: CVE-2024-21440, CVE-2024-21451, CVE-2024-26159, CVE-2024-26162
Exploit or POC: No
Update: CVE-2024-21440 – Security Update Guide, CVE-2024-21451 – Security Update Guide, CVE-2024-26159 – Security Update Guide, CVE-2024-26162 – Security Update Guide
Description: CVE-2024-21440, CVE-2024-21451, CVE-2024-26159, and CVE-2024-26162 allow for remote code execution. Authentication and user interaction are both required to successfully exploit these vulnerabilities. Successful exploitation could allow an adversary to employ social engineering techniques to convince an authenticated user to make a network connection to a malicious SQL database using their SQL client application. The established connection would allow the server to send specially crafted replies to the compromised client, allowing for remote code execution.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21440 – Security Update Guide, CVE-2024-21451 – Security Update Guide, CVE-2024-26159 – Security Update Guide, and CVE-2024-26162 – Security Update Guide.

 

Windows OLE Remote Code Execution Vulnerability

Identifier: CVE-2024-21435
Exploit or POC: No
Update: CVE-2024-21435 – Security Update Guide
Description: CVE-2024-21435 allows for remote code execution. Authentication and user interaction are not required to successfully exploit this vulnerability. This vulnerability could allow an unauthenticated adversary to place a specially crafted file on an online directory or inside a local network and then employ social engineering techniques to convince an unwitting user to open the malformed file, subsequently loading the malicious DLL and initiating arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21435 – Security Update Guide.

 

Windows Hyper-V Remote Code Execution Vulnerability

Identifier: CVE-2024-21407
Exploit or POC: No
Update: CVE-2024-21407 – Security Update Guide
Description: CVE-2024-21407 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. Successful exploitation would allow an authenticated adversary to send specially crafted file operation requests on the VM to hardware resources on the VM.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21407 – Security Update Guide.

 

Microsoft Office Elevation of Privilege Vulnerability

Identifier: CVE-2024-26199
Exploit or POC: No
Update: CVE-2024-26199 – Security Update Guide
Description: CVE-2024-26199 allows for elevation of privileges. User interaction is not required to successfully exploit this vulnerability. Successful exploitation could allow an authenticated adversary to achieve SYSTEM level privileges.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-26199 – Security Update Guide.
