Windows 10 and 11 PC users need to update this patch immediately
The latest Patch Tuesday patch released by Microsoft helps fix two Zero-day vulnerabilities and related evidence that these vulnerabilities have been exploited by hackers to launch a new attack. So users need to update them as soon as possible.
Both Windows 10 and 11 are vulnerable.
The first vulnerability tracking number is CVE-2024-26234. This is a proxy driver spoofing vulnerability that could use valid Microsoft hardware publishing certificates to certify malicious drivers. Sophos X-Ops is the security firm that discovered this vulnerability in December 2023 and team leader Christopher Budd reported this vulnerability to Microsoft.
According to the report, the malicious file labeled 'Category Customer Authentication Service' appears to impersonate Thales Group. Further investigation revealed that the malware also came with a marketing software called 'LaiXi Android Screen Mirroring'.
While Sophos could not verify the authenticity of the LaiXi software, Budd said it believes the file is a malicious backdoor.
Users are advised to update immediately.
Another vulnerability identified as CVE-2024-29988 can bypass system protection mechanisms and disable SmartScreen prompts. The vulnerability was discovered by Peter Girnus of Trend Micro's Zero-Day Project and Dmitrij Lenz and Vlad Stolyarov of Google's Threat Analysis Team.
Dustin Childs, director of threat intelligence at ZDI, pointed out that attackers could use this vulnerability to evade EDR/NDR detection and bypass Mark of the Web (MoTW) functionality. , and can deploy many types of malware on the target Windows system.
You should read it
- Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
- Microsoft releases new Patch Tuesday update for Windows 10
- Microsoft patched a series of serious bugs for IE and Office next Tuesday
- Patch Tuesday security patch causes blue screen errors and slows down Windows 10
- Microsoft is about to release Patch Tuesday
- Microsoft released patches for more than 100 security holes on Windows
- Users should update Windows immediately to fix 33 vulnerabilities
- Microsoft fixes 61 vulnerabilities in latest Windows update
- Microsoft releases new update for Windows 10 and 11, fixing VPN errors
- Microsoft confirms Patch Tuesday patch May 2022 causes AD authentication error
- Microsoft released an updated patch for 25 critical security holes
- Update KB5013943 fixes screen flickering and problems with .NET apps on Windows 11
Maybe you are interested
There is a serious security vulnerability that has existed for 18 years in AMD processors, but it is not too worrying
A dangerous vulnerability that has existed for 18 years threatens millions of AMD Ryzen and EPYC CPUs
Google Workspace security vulnerability caused thousands of user accounts to be attacked
Thousands of iOS apps could be at risk because of an open source vulnerability
Serious vulnerability in OpenSSH threatens millions of servers
Google releases emergency update to patch Chrome vulnerability