Patchday: Attacks on Microsoft Windows

Patchday: Attackers bypass security function again and attack Windows

Microsoft has released important security updates for BitLocker, Office and Windows Defender, among others. Attackers are already exploiting two vulnerabilities.

Anyone using Microsoft software should ensure that Windows Update is active and the latest security patches are installed. Otherwise, systems are vulnerable and, in the worst case, attackers can completely compromise PCs via malicious code attacks.

Attacks on Windows

Attackers are currently targeting a vulnerability (CVE-2024-29988, "high") in the Windows security function SmartScreen filter. The system uses this to identify whether downloaded files originate from a trustworthy source (Mark-of-the-Web marking, MoTW). If the check raises an alarm, the protection mechanism prevents the file from being executed.

Attackers are currently bypassing precisely this check in ongoing attacks. Victims think they are safe because of the SmartScreen filter and trust a downloaded file, but when they execute it, they get a Trojan on their computer. However, an attacker still has to persuade the victim to open the file containing the malicious code, so attacks are not readily possible. According to a warning message, current Windows and Windows Server versions are at risk. Such attacks have occurred more frequently in recent times.
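As an added illustration (not part of the original article or Microsoft's code): Windows stores the Mark-of-the-Web as an NTFS alternate data stream named Zone.Identifier, and the sketch below parses that stream and flags executable-type files that carry no mark. The function names, the extension list and the sample stream are constructed for this example.

```python
import configparser

# Zone IDs stored in the Zone.Identifier alternate data stream (MoTW).
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
# Constructed list of file types worth a second look in a download folder.
RISKY_EXT = (".exe", ".msi", ".js", ".lnk", ".url", ".iso")

# Constructed sample of a stream a browser writes next to a download.
SAMPLE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
          "ReferrerUrl=https://example.test/\r\n"
          "HostUrl=https://example.test/setup%20v2.exe\r\n")

def read_motw_stream(path):
    """Return the raw stream text on NTFS, or None if the file has no mark."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None

def parse_motw(stream_text):
    """Parse Zone.Identifier content; None means no usable mark."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    try:
        cp.read_string(stream_text.lstrip("\ufeff"))
        sec = cp["ZoneTransfer"]
        zone_id = int(sec["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": sec.get("HostUrl"), "referrer_url": sec.get("ReferrerUrl")}

def triage(name, stream_text):
    """Classify one file from its name and its (possibly missing) mark."""
    info = parse_motw(stream_text)
    if info is not None and info["zone_id"] >= 3:
        return "internet-marked"      # origin recorded as Internet/Restricted
    if info is None and name.lower().endswith(RISKY_EXT):
        return "unmarked-risky"       # executable-type file with no origin record
    return "ok"

if __name__ == "__main__":
    for name, stream in [("setup.exe", SAMPLE), ("tool.msi", None), ("notes.txt", None)]:
        print(name, triage(name, stream), parse_motw(stream))
```

On a Windows host, pass the result of read_motw_stream(path) as the second argument to triage to check real files in a download folder.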

The second currently exploited vulnerability (CVE-2024-26234, "medium") also affects current Windows desktop and Windows Server versions. Attackers can target these vulnerable systems with a proxy driver spoofing attack. Microsoft is not currently specifying concrete attack scenarios or the effects of attacks.

Further dangers

Microsoft classifies three vulnerabilities (CVE-2024-21322, "high"; CVE-2024-21323, "high"; CVE-2024-29053, "high") in Defender for IoT as critical. They allow attackers to launch malicious code attacks in an unspecified way.

In Azure, attackers can gain unauthorized access to information via a vulnerability in AI Search (CVE-2024-29063, "high"). A vulnerability in Azure CycleCloud (CVE-2024-29993, "high") allows attackers to gain elevated user rights.

Microsoft lists further vulnerabilities in its Security Update Guide.

Found on https://www.heise.de/news/Patchday-Angreifer-umgehen-erneut-Sicherheitsfunktion-und-attackieren-Windows-9679989.html