The second zero-day vulnerability, CVE-2024-38112, is found in MSHTML, the engine behind Internet Explorer. Exploiting this vulnerability involves a complex attack chain requiring specific preparatory actions on the target system. Despite limited details from Microsoft, it affects all systems from Windows Server 2008 R2 onwards.
Additionally, CVE-2024-38021, a remote code execution flaw in Microsoft Office, can lead to NTLM hash disclosure. Although Microsoft rates this as ‘important,’ security firm Morphisec argues it should be considered ‘critical’ due to its ease of exploitation.
These vulnerabilities highlight the importance of timely patching to mitigate risks. Last month’s updates also addressed a ‘ping-of-death’ vulnerability in Windows Layer Two Bridge Network. Microsoft advises prioritizing these patches to protect against ongoing threats.
Source: Krebs on Security
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.