
WARNING: MICROSOFT PATCH TUESDAY MARCH 2024 PATCHES 59 VULNERABILITIES (2 CRITICAL, 57 IMPORTANT), PATCH IMMEDIATELY!!

Reference: 
Advisory #2024-40
Version: 
1.0
Affected software: 
.NET
Azure Data Studio
Azure SDK
Microsoft Authenticator
Microsoft Azure Kubernetes Service
Microsoft Dynamics
Microsoft Edge for Android
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Intune
Microsoft Office
Microsoft Office SharePoint
Microsoft QUIC
Microsoft Teams for Android
Microsoft WDAC ODBC Driver
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows SCSI Class System File
Open Management Infrastructure
Outlook for Android
Role: Windows Hyper-V
Skype for Consumer
Software for Open Networking in the Cloud (SONiC)
SQL Server
Visual Studio Code
Windows AllJoyn API
Windows Cloud Files Mini Filter Driver
Windows Composite Image File System
Windows Compressed Folder
Windows Defender
Windows Error Reporting
Windows Hypervisor-Protected Code Integrity
Windows Installer
Windows Kerberos
Windows Kernel
Windows NTFS
Windows ODBC Driver
Windows OLE
Windows Print Spooler Components
Windows Standards-Based Storage Management Service
Windows Telephony Server
Windows Update Stack
Windows USB Hub Driver
Windows USB Print Driver
Windows USB Serial Driver
Type: 
Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.
CVE/CVSS: 

Microsoft patched 59 vulnerabilities in its March 2024 Patch Tuesday release, 2 rated as critical, 57 rated important.

Number of CVEs by type:

  • 18 Remote Code Execution vulnerabilities
  • 24 Elevation of Privilege vulnerabilities
  • 5 Information Disclosure vulnerabilities
  • 2 Spoofing vulnerabilities
  • 6 Denial of Service vulnerabilities
  • 1 Tampering vulnerability

Sources

Microsoft - https://msrc.microsoft.com/update-guide/en-us/releaseNote/2024-Mar

Risks

Microsoft’s March 2024 Patch Tuesday includes 59 vulnerabilities (2 critical and 57 important) across a wide range of Microsoft products, impacting Microsoft Server and Workstations. Some vulnerabilities are likely to be exploited soon; urgent patching is therefore advised.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to draw your attention to the following vulnerabilities:

CVE-2024-21407: Windows Hyper-V

Remote Code Execution vulnerability. This is one of the two Critical-rated bugs for this month, with a CVSSv3 score of 8.1. The vulnerability would allow an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM, which could result in remote code execution on the host server. This is often referred to as a guest-to-host escape and could be used to impact other guest OSes on the server.

CVE-2024-21408: Windows Hyper-V

Denial of Service vulnerability. This is the other critical vulnerability published this month in Windows Hyper-V with a CVSSv3 score of 5.5. Successful exploitation of this vulnerability allows an attacker to target a Hyper-V guest virtual machine, which can affect the functionality of the Hyper-V host. Because this is a local DoS attack, Microsoft deems exploitation less likely.

CVE-2024-21400: Azure Kubernetes Service

Elevation of Privilege Vulnerability. Microsoft fixed a vulnerability in Azure Kubernetes Service that could allow attackers to gain elevated privileges and steal credentials. The vulnerability has received a CVSSv3 score of 9.0 and is rated important by Microsoft. This bug allows an unauthenticated attacker to access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers. Successful exploitation would allow the attacker to steal credentials and affect other resources.

CVE-2024-21334: Open Management Infrastructure (OMI) management server

Remote Code Execution vulnerability. It was assigned a CVSSv3 score of 9.8 and is rated important by Microsoft. To exploit this vulnerability, a remote unauthenticated attacker could use a specially crafted request to trigger a use-after-free vulnerability. It’s not clear how many of these systems are reachable through the Internet, but it’s likely a significant number.

In addition, OMI received another patch this month, CVE-2024-21330, to address an EoP vulnerability.

CVE-2024-21433: Windows Print Spooler

Elevation of Privilege vulnerability. This vulnerability is rated as “Exploitation More Likely” and was assigned a CVSSv3 score of 7.0. Exploitation of this vulnerability would require an attacker to win a race condition, which could grant the attacker SYSTEM privileges.

CVE-2024-26198: Microsoft Exchange Server

Remote Code Execution vulnerability. This vulnerability is a classic DLL loading vulnerability with a score of 8.8 and rated important by Microsoft. An attacker can place a specially crafted file in a location they control. They then entice a user to open the file, which loads the crafted DLL and leads to code execution. Last month Microsoft also released a DLL loading vulnerability. Initially, the vulnerability wasn’t actively exploited. However, shortly after its disclosure, it began to be actively exploited.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

The Register - https://www.theregister.com/2024/03/13/patch_tuesday_march_2024/

The Hacker News - https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html

Tenable - https://www.tenable.com/blog/microsofts-march-2024-patch-tuesday-address...

Zero Day Initiative - https://www.zerodayinitiative.com/blog/2024/3/12/the-march-2024-security...

Rapid7 - https://www.rapid7.com/blog/post/2024/03/12/patch-tuesday-march-2024/

CrowdStrike - https://www.crowdstrike.com/blog/patch-tuesday-analysis-march-2024/