Microsoft Rolls Out 157 Bug Fixes in Latest Update

Microsoft has released 157 fixes as part of its "Patch Tuesday" updates, which includes addressing seven Chromium bugs in the Edge browser. However, critical vulnerabilities are relatively scarce in this batch of updates.CVE-2024-26234, with a CVSS score of 6.7, has garnered attention because Microsoft has observed active exploits in the wild.

Discovered by Sophos' Christopher Budd, this vulnerability is classified by Microsoft as a "proxy driver spoofing vulnerability," resulting in improper access control. Notably, this vulnerability is locally exploitable, meaning it can be exploited only from within the system itself.Budd's investigation unveiled intriguing details about the discovered file. He observed that the metadata associated it with a component labeled as the "Catalog Authentication Client Service," purportedly originating from a source named "Catalog Thales."

This finding raised suspicion of a possible attempt to masquerade as the reputable company Thales Group, adding a layer of complexity to the analysis.Furthermore, Sophos, a leading cybersecurity firm, corroborated Budd's findings, indicating prior encounters with the same malicious file. According to their records, the file had been previously identified as a setup file for a product called "LaiXi Screen Mirroring." This revelation deepens the intrigue surrounding the file's true nature and underscores the importance of ongoing vigilance in cybersecurity efforts.

Budd's firm assertion stated, "We have determined with confidence that the file under investigation is indeed a malicious backdoor."CVE-2024-29988 piqued interest despite its CVE score of 8.8. Notably, while Microsoft's official documentation does not explicitly mention it, Trend's Zero Day Initiative (ZDI) reported instances of exploitation occurring in the wild. This particular vulnerability, identified as a SmartScreen security bypass, has raised concerns among cybersecurity experts.

ZDI highlighted the tactics employed by threat actors, who utilize zipped files to circumvent detection by Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) systems. Subsequently, these actors leverage CVE-2024-29988, among other vulnerabilities, to bypass Mark-of-the-Web (MotW) protections.Additionally, CVE-2024-29990 emerged as another noteworthy vulnerability, affecting Azure Kubernetes service, with a CVSS score of 9.0. This vulnerability underscores the importance of proactive measures to mitigate risks associated with potential exploits.

The vulnerability identified as an elevation of privilege flaw within Azure Kubernetes' confidential containers presents a critical security concern. Microsoft outlined the potential risk, stating that an unauthenticated attacker could exploit this vulnerability to pilfer credentials and extend their influence to resources outside the security confines managed by Azure Kubernetes Service Confidential Containers (AKSCC).

This security lapse could grant unauthorized access to the untrusted AKS Kubernetes node and AKS Confidential Container, providing attackers with the capability to compromise confidential guests and containers that extend beyond the network stack they are ostensibly bound to. Such unauthorized access poses significant risks to the integrity and confidentiality of sensitive data and systems, emphasizing the urgency for remediation measures to address this vulnerability promptly.

Microsoft has classified three vulnerabilities in Defender for IoT as "critical," despite none of them scoring above 9 on the CVSS.CVE-2024-21322 represents a remote code execution (RCE) vulnerability, albeit one that can only be exploited by an administrator.CVE-2024-21323 is another RCE vulnerability, requiring the attacker to send a malicious update package to a Defender for IoT sensor. However, the attacker must authenticate themselves first to obtain the necessary permissions.

CVE-2024-21323 can be exploited using a malicious tar file, enabling the attacker to send unsigned update packages and freely overwrite any file they choose.Lastly, CVE-2024-29053 exposes a path traversal vulnerability that can be exploited by any authenticated user. Despite their individual CVSS scores, the critical classification underscores the severity of these vulnerabilities and the imperative for swift remediation measures.