Microsoft recently published security updates as part of its regular “Patch Tuesday” release to address 143 vulnerabilities, two of which are already being actively exploited by attackers.
Of the identified vulnerabilities, 5 are classified as critical, 136 as important, and 4 as moderate. The updates also include fixes for 33 vulnerabilities in the Chromium-based Edge browser from the past month.
The two actively exploited vulnerabilities are:
- CVE-2024-38080 (CVSS score: 7.8) – a privilege escalation vulnerability in Windows Hyper-V.
- CVE-2024-38112 (CVSS score: 7.5) – a vulnerability in the Windows MSHTML platform.
One of the actively exploited vulnerabilities, CVE-2024-38112, requires the attacker to send a malicious file to the victim, who then has to open it themselves. Attackers are using Windows Internet Shortcut (.url) files to redirect victims to malicious URLs through the outdated Internet Explorer browser, concealing the harmful “.hta” extension and making the vulnerability easier to exploit on modern operating systems.
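A defensive triage check for the shortcut files described above, as an added example that is not from the original article or from Microsoft: it parses the `[InternetShortcut]` section of a `.url` file and flags targets that use a scheme other than http/https or whose path ends in `.hta`. The scheme allowlist, the function names and the sample files are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

ALLOWED_SCHEMES = {"http", "https"}  # assumption: shortcuts should only open web pages
RISKY_EXTENSIONS = (".hta",)         # the extension named in the article


def shortcut_url(text):
    """Return the first URL= value in the [InternetShortcut] section, or None."""
    in_section = False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "internetshortcut"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None


def assess(text):
    """Return a list of findings for the contents of one .url file."""
    url = shortcut_url(text)
    if url is None:
        return ["no URL= entry in [InternetShortcut]"]
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["URL could not be parsed"]
    findings = []
    if parts.scheme not in ALLOWED_SCHEMES:
        findings.append(f"scheme '{parts.scheme}' is not http/https")
    # Percent-decode and drop trailing dots/spaces so an encoded or padded
    # extension is still recognised.
    path = unquote(parts.path).rstrip(". ").lower()
    if path.endswith(RISKY_EXTENSIONS):
        findings.append("target path ends in .hta")
    return findings


# Constructed sample files (not taken from any real campaign).
BENIGN = "[InternetShortcut]\nURL=https://intranet.example/wiki\n"
HIDDEN_HTA = "[internetshortcut]\r\nIconIndex=1\r\nurl=https://files.example/Invoice.pdf%2EhTa?x=1\r\n"
ODD_SCHEME = "[InternetShortcut]\nURL=example-scheme:https://files.example/a.pdf\n"

if __name__ == "__main__":
    for name, body in [("benign", BENIGN), ("hidden_hta", HIDDEN_HTA), ("odd_scheme", ODD_SCHEME)]:
        print(name, assess(body) or "ok")
```

A check like this fits a mail gateway or download-folder sweep; findings are triage hints for an analyst, not verdicts.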
CVE-2024-38080 is a privilege escalation vulnerability in Windows Hyper-V that allows a local, authenticated attacker to elevate to SYSTEM privileges after compromising the system. It is the first of 44 known vulnerabilities in Hyper-V that has been actively exploited since 2022.
Additionally, two other vulnerabilities have been publicly disclosed:
- CVE-2024-37985 (CVSS score: 5.9) – a side-channel attack on ARM systems allowing access to the memory of a privileged process.
- CVE-2024-35264 (CVSS score: 8.1) – a remote code execution vulnerability affecting .NET and Visual Studio, enabling attackers to execute malicious code.
Microsoft also addressed 37 remote code execution vulnerabilities in the SQL Server Native Client OLE DB Provider,