Last month, several days after Patch Tuesday, Microsoft updated two advisories to say that those particular vulnerabilities were being exploited in the wild.
One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.
Microsoft obviously knew that when they first published the associated advisory, but only confirmed in-the-wild exploitation after Avast went public with the information.
Time will tell if Microsoft will repeat the trick this month.
In the meantime, admins must begin prioritizing patches based on the information that's currently available.
Two critical Windows Hyper-V vulnerabilities have been fixed, one allowing remote code execution via a so-called guest-to-host escape, and the other denial of service.
Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative, singled out CVE-2024-26198, an unauthenticated RCE flaw affecting Microsoft Exchange Server, as important.
The patch is delivered via cumulative updates for Microsoft Exchange Server 2016 and 2019.
CVE-2024-21400, an elevation of privilege vulnerability affecting Azure Kubernetes Service Confidential Containers, may allow unauthenticated attackers to steal credentials and manipulate resources not intended to be accessible.
He also singled out CVE-2024-21390, an elevation of privilege flaw in Microsoft Authenticator, as interesting - though to exploit it, an attacker must already have an established presence on the mobile device (either via malware or a malicious app).
This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 12 Mar 2024 20:13:05 +0000