*Important note: These are not the only vulnerabilities disclosed recently; they are the ones RedLegg has identified as critical and requiring immediate attention.
VULNERABILITIES
Windows MSHTML Platform Security Feature Bypass Vulnerability
Identifier: CVE-2024-30040
Exploit or POC: Yes (Actively Being Exploited)
Update Guide: CVE-2024-30040 – Security Update Guide
Description: CVE-2024-30040 allows a security feature bypass. Exploitation does not require authentication, but it does require user interaction: an attacker must use social engineering to get an unwitting user to open a malicious document. A successful exploit bypasses the OLE mitigations in Microsoft 365 and Microsoft Office that protect users from vulnerable COM/OLE controls.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30040 – Security Update Guide. Because this vulnerability is under active exploitation, prioritize it ahead of the rest of this list.
Windows DWM Core Library Elevation of Privilege Vulnerability
Identifier: CVE-2024-30051
Exploit or POC: Yes (Actively Being Exploited)
Update Guide: CVE-2024-30051 – Security Update Guide
Description: CVE-2024-30051 allows elevation of privilege. It is a local vulnerability: exploitation does not require user interaction, but the adversary must already be able to run code on the host. A successful exploit grants SYSTEM privileges.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30051 – Security Update Guide. Because this vulnerability is under active exploitation, prioritize it ahead of the rest of this list.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Identifier: CVE-2024-30006
Exploit or POC: No
Update Guide: CVE-2024-30006 – Security Update Guide
Description: CVE-2024-30006 allows remote code execution. Exploitation requires user interaction: the attacker must use social engineering to convince an authenticated user to connect to a malicious SQL server via OLE DB, and the server then returns a malicious network packet that achieves code execution on the client.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30006 – Security Update Guide.
Microsoft Brokering File System Elevation of Privilege Vulnerability
Identifier: CVE-2024-30007
Exploit or POC: No
Update Guide: CVE-2024-30007 – Security Update Guide
Description: CVE-2024-30007 allows elevation of privilege. Authentication and user interaction are not required to exploit it. The vulnerability stems from the driver's handling of network path validation; a successful exploit lets an adversary authenticate to a remote host using the compromised user's credentials.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30007 – Security Update Guide.
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Identifier: CVE-2024-30009
Exploit or POC: No
Update Guide: CVE-2024-30009 – Security Update Guide
Description: CVE-2024-30009 allows remote code execution. Exploitation requires user interaction: a client must connect to a malicious server, after which the adversary can execute code on the client.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30009 – Security Update Guide.
Windows Hyper-V Remote Code Execution Vulnerability
Identifier: CVE-2024-30010
Exploit or POC: No
Update Guide: CVE-2024-30010 – Security Update Guide
Description: CVE-2024-30010 allows remote code execution. User interaction is not required. An authenticated adversary on a remote machine could send malformed packets to the Hyper-V Replica endpoints on the host.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30010 – Security Update Guide.
Windows Hyper-V Remote Code Execution Vulnerability
Identifier: CVE-2024-30017
Exploit or POC: No
Update Guide: CVE-2024-30017 – Security Update Guide
Description: CVE-2024-30017 allows remote code execution. User interaction is not required. An authenticated adversary on a guest VM could send specially crafted file operation requests to the hardware resources exposed to that VM, resulting in code execution on the host server.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30017 – Security Update Guide.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Identifier: CVE-2024-30044
Exploit or POC: No
Update Guide: CVE-2024-30044 – Security Update Guide
Description: CVE-2024-30044 allows remote code execution. User interaction is not required. An authenticated adversary with Site Owner permissions could upload a specially crafted file to the targeted SharePoint Server and issue tailored API requests that trigger deserialization of the file's parameters, resulting in code execution on the server.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30044 – Security Update Guide.
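As an added example (not part of RedLegg's advisory), the following PowerShell script inventories a Windows host against the components named above: it records the OS build and UBR, checks for the Hyper-V, RRAS and SharePoint roles by their service names (vmms, RemoteAccess and SPTimerV4), and compares the installed hotfixes against a KB list you supply. The KB numbers are not on this page and depend on the OS build, so the $RequiredKBs parameter is an assumption to be filled in from the Security Update Guide links above.

```powershell
# Added example, not RedLegg's code: inventory the attack surface listed in this advisory
# on one Windows host and report which of the supplied KBs are missing.
# Run in an elevated PowerShell session. $RequiredKBs is an assumption: fill it in from the
# Security Update Guide for this host's build; this page does not name the KB numbers.
param(
    [string[]]$RequiredKBs = @()
)

$report = [ordered]@{}

# OS build and Update Build Revision (UBR). A cumulative update raises the UBR, so this is
# the quickest value to compare against the build listed in the Security Update Guide.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$report['ProductName'] = $cv.ProductName
$report['OSBuild']     = "$($cv.CurrentBuildNumber).$($cv.UBR)"

# DWM (CVE-2024-30051) and MSHTML (CVE-2024-30040) ship with every supported Windows, so
# every host is in scope for the two actively exploited bugs. The checks below find hosts
# that additionally expose one of the roles named in the advisory.

# Hyper-V (CVE-2024-30010, CVE-2024-30017): the Virtual Machine Management service (vmms)
# exists only when the Hyper-V role or feature is installed.
$vmms = Get-Service -Name vmms -ErrorAction SilentlyContinue
$report['HyperV'] = if ($vmms) { "installed ($($vmms.Status))" } else { 'not installed' }

# RRAS (CVE-2024-30009): the RemoteAccess service is present on all Windows builds but stays
# disabled until the role is configured, so report the start type as well as the status.
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
$report['RRAS'] = if ($rras) { "$($rras.Status), StartType=$($rras.StartType)" } else { 'service absent' }

# SharePoint Server (CVE-2024-30044): on-premises installs register the SharePoint Timer
# Service (SPTimerV4); SharePoint Online is not something this host-level check can see.
$sp = Get-Service -Name SPTimerV4 -ErrorAction SilentlyContinue
$report['SharePoint'] = if ($sp) { "installed ($($sp.Status))" } else { 'not installed' }

# Installed updates. Get-HotFix reads the same data as Control Panel's "Installed Updates".
$hotfixes  = Get-HotFix
$installed = $hotfixes | Select-Object -ExpandProperty HotFixID
$missing   = $RequiredKBs | Where-Object { $_ -notin $installed }
$report['MissingKBs'] = if ($RequiredKBs.Count -eq 0) { 'no KB list supplied' } elseif ($missing) { $missing -join ',' } else { 'none' }

# Most recent update install date, as a sanity check against the patch cycle date.
# InstalledOn is null for some entries, so filter those out before sorting.
$latest = $hotfixes | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$report['LastHotFix'] = if ($latest) { "$($latest.HotFixID) on $($latest.InstalledOn.ToShortDateString())" } else { 'unknown' }

[PSCustomObject]$report | Format-List
```

Run it on each host with the KB numbers for that build, for example `.\Check-Advisory.ps1 -RequiredKBs 'KB<number from the Security Update Guide>'`. A host that reports a role as installed together with a non-empty MissingKBs is the one to patch first; the two actively exploited DWM and MSHTML issues apply to every Windows host regardless of role, so an unpatched host with no roles still belongs at the top of the queue.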