16 new security vulnerabilities can cause systems using Microsoft software to be attacked

Review to identify Windows computers affected by vulnerabilities

A warning about 16 security vulnerabilities with high and serious impacts in Microsoft products has just been sent by the Department of Information Security (Ministry of Information and Communications) to specialized IT and information security units of ministries, branches and localities. direction; corporations, state-owned corporations, joint stock commercial banks, and financial institutions.

The above vulnerabilities were warned by the Information Security Department on the basis of evaluation and analysis from the April 2024 patch list announced by Microsoft with 147 vulnerabilities existing in this technology company's products.

Among the 16 newly warned security vulnerabilities, there are 2 vulnerabilities that experts recommend to pay special attention to, which are: Vulnerability CVE-2024-20678 in Remote Procedure Call Runtime - RPC (a component of Windows facilitates communication between different processes in the system over the network - PV), allowing attackers to remotely execute code; CVE-2024-29988 vulnerability in SmartScreen (a security feature built into Windows), allows attackers to bypass protection mechanisms.

The list of security vulnerabilities in Microsoft products warned this time also includes 12 vulnerabilities that allow attackers to execute remote code, including: 3 vulnerabilities CVE-2024-21322, CVE-2024- 21323, CVE2024-29053 in 'Microsoft Defender for IoT'; CVE-2024-26256 vulnerability in the open source library Libarchive; CVE-2024-26257 vulnerability in Microsoft Excel spreadsheet; 7 vulnerabilities CVE-2024-26221, CVE-2024-26222, CVE2024-26223, CVE-2024-26224, CVE-2024-26227, CVE-2024-26231 and CVE2024-26233 in 'Windows DNS Server'.

In addition, units are also advised to pay attention to two vulnerabilities that allow subjects to perform spoofing attacks - Spoofing, including the vulnerability CVE-2024-20670 in Outlook for Windows software that exposes 'NTML'. hash' and the vulnerability CVE-2024-26234 in Proxy Driver.

The Department of Information Security recommends that agencies, organizations as well as businesses check, review and identify computers using potentially affected Windows operating systems, and promptly update patches to prevent Avoid the risk of cyber attacks. The goal is to ensure information security for the units' information systems, contributing to ensuring the safety of Vietnam's cyberspace.

Units are also recommended to increase monitoring and be ready with solutions when detecting signs of cyber exploitation or attack. Along with that, regularly monitor warning channels of authorities and large information security organizations to promptly detect cyber attack risks.

Also in April, the Information Security Department warned and instructed units to review and fix the security vulnerability CVE-2024-3400 in PAN-OS software. The exploit code for this vulnerability has been used by subjects to attack the information systems of many agencies and organizations. Units using PAN-OS software are recommended to update patches for affected versions released on April 14.

Prioritize addressing potential risks in the system

Attacking systems by exploiting security holes in commonly used software and technology solutions is always identified by experts as one of the prominent cyber attack trends. Not only exploiting zero-day vulnerabilities (undiscovered vulnerabilities) or new security vulnerabilities announced by companies, cyber attack groups also actively scan for discovered security vulnerabilities. from a long time ago to exploit and act as a springboard to attack systems.

However, in reality, the Department of Information Security and agencies and units operating in the field of information security regularly issue warnings about new vulnerabilities or new attack trends, but many agencies Authorities and units have not really paid attention to timely updates and handling.

Sharing about a specific case of supporting an organization that was attacked at the end of March, expert Vu Ngoc Son, Technical Director of NCS Company recounted: 'After analysis, we realized that the incident should have happened. The matter must be handled in advance, because this organization has been warned that the receptionist account has been hacked and needs to be handled immediately. Because they thought the receptionist account was not important, this organization ignored it and did not process it. Hackers used the receptionist account, exploited vulnerabilities, took administrative rights and performed system attacks' .

Statistics shared by the Department of Information Security at the end of last year showed that more than 70% of organizations have not paid attention to reviewing and updating and patching warned vulnerabilities and weaknesses. .

Faced with the above situation, among the 6 key task groups recommended by ministries, branches, localities, agencies, organizations and businesses to focus on implementation in 2024, the Information Security Department requires units to Prioritize addressing potential or existing risks in the system.

'Entities should address identified risks and existing risks in the system before thinking about investing to protect themselves against new risks. Periodically checking and evaluating information security according to regulations and hunting for threats to detect and eliminate risks on the system is very important and should be done regularly', representative of the Department of Safety. emphasized information.

David Pac

Update 19 April 2024