Address
33-17, Q Sentral.
2A, Jalan Stesen Sentral 2, Kuala Lumpur Sentral,
50470 Federal Territory of Kuala Lumpur
Contact
+603-2701-3606
[email protected]
The Cybersecurity and Infrastructure Security Agency (CISA) has pinpointed several critical vulnerabilities in Microsoft Windows, urging users across all sectors to address these issues by October 1. This warning isn’t just for large organizations or federal employees but applies to anyone with a Windows-operated device. To assist in managing these threats, CISA recommends utilizing their Known Exploited Vulnerabilities (KEV) catalog—a tool that details the most urgent security gaps needing patches.
In the latest update to the KEV catalog, CISA has listed four severe vulnerabilities—each actively being exploited—which means fixing them is a race against time.
This vulnerability is a real concern for Windows 10, Windows 11, and Windows Server users. It allows attackers, who’ve already sneaked into your system, to gain even more control. They might get in through deceptive emails or by cracking passwords, and once inside, they can use this flaw to dig deeper into your system. Patching this is crucial.
Found in Windows 10, Windows 11, and Windows Server, this vulnerability lets attackers bypass the usual security alarms that warn users about suspicious files. This flaw is particularly alarming because it’s often used to spread ransomware, which locks users out of their own files and demands payment. The lack of warnings makes it even more dangerous.
This particularly severe vulnerability affects only a specific version of Windows 10 (version 1507) but packs a big punch with a 9.8/10 severity rating. Attackers exploiting this flaw can reverse security updates, making it as if they never happened and reopening old vulnerabilities. Immediate patching is necessary to prevent such attacks.
This vulnerability impacts Microsoft Publisher along with other Office applications, allowing attackers to override built-in security measures. It poses a significant threat to users of these applications, necessitating swift action.
Security professionals are sounding the alarm on these vulnerabilities. Satnam Narang from Tenable warns that CVE-2024-38014 could let attackers who have breached your system gain even more access. Saeed Abbasi from Qualys emphasizes the danger of CVE-2024-38217 in facilitating ransomware attacks due to its ability to bypass security alerts. Kev Breen from Immersive Labs highlights the deceitful nature of CVE-2024-43491, where systems appear secure but are actually vulnerable.
In response to these new threats, CISA is pushing for quick and decisive action. They emphasize the importance of patching these vulnerabilities promptly to safeguard against potential cyberattacks.
Act fast and update your systems to protect against these new, critical vulnerabilities in Microsoft Windows and Office applications!
CISA has identified four significant vulnerabilities in Microsoft systems. These include:
Anyone using Windows 10, Windows 11, Windows Server, Microsoft Publisher, or Microsoft Office should take immediate action. This includes individuals, businesses, and organizations. To protect your systems, follow CISA’s advice by:
The October 1 deadline is critical because these vulnerabilities are actively being exploited by hackers. Failing to patch these security gaps leaves your system vulnerable to attacks such as ransomware, unauthorized control of your computer, or the rollback of vital security updates. To avoid potential breaches and data loss, you must install the necessary patches by this deadline.
Sources: Forbes