Microsoft security bypass bug said to be under exploit - The Register

Patch Tuesday: Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too.
The bug the IT giant said was being abused in the wild is CVE-2024-26234, described as a proxy driver spoofing vulnerability in Windows.
Microsoft initially listed it as non-exploited, then during the day upgraded that to exploited.
Running the program would introduce the backdoor on the victim's PC. Now, according to Sophos, Microsoft has revoked the software's certification and assigned the issue CVE-2024-26234.
According to Redmond, that was the only security hole exploited in the wild addressed in its Patch Tuesday for April.
Trend Micro's Zero Day Initiative says a separate vulnerability, spotted and reported by bug hunter Peter Girrus, was under attack in the wild before Microsoft issued a patch this week.
Let's start with the bug ZDI categorizes as being under exploit in the wild.
This one is a SmartScreen prompt security feature bypass vulnerability tracked as CVE-2024-29988, and it received an 8.8 out of 10 CVSS severity rating.
Assuming an attacker can fool someone into clicking on a malicious link or opening a malware-laden file, the bug allows them to bypass the SmartScreen security feature in Windows that's supposed to alert users to any untrusted websites or other threats.
While Microsoft's monthly patch party fixes 70 CVEs that allow remote code execution, it only classified three of these as critical-severity bugs and all three are in Microsoft Defender for IoT. First up: CVE-2024-21322, which received a 7.2 CVSS rating.
Adobe this month issued nine patches that fix 24 CVEs across its products, and none are listed as under attack or publicly known.
Two critical vulnerabilities, one in Adobe Commerce and another in Media Encoder, could allow remote code execution.
SAP released a dozen new and updated security notes.
Of the trio, #3434839 patches a so-called security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine that received an 8.8 CVSS score.
Another high priority note, #3421384, fixes an information disclosure vulnerability in SAP BusinessObjects Web Intelligence, while the third high priority one, #3438234, addresses a directory traversal vulnerability in two programs of SAP Asset Accounting.
Fortinet released updates to fix security holes in FortiOS and FortiProxy.
CVE-2023-48784, in the FortiOS command line interface, could allow a local attacker with admittedly super-admin privileges and CLI access to execute arbitrary code.
Plus, there's a patch for CVE-2024-23662 in FortiOS that, if the bug is exploited, can lead to information disclosure.
The most serious of the bunch is an unauthenticated command injection vulnerability in SD-WAN Edge tracked as CVE-2024-22246.
Rounding out April's Patchapalooza, albeit over a week early, Google has addressed almost 30 bugs affecting Android devices in this month's Android Security Bulletin.


This Cyber News was published on go.theregister.com. Publication date: Wed, 10 Apr 2024 00:58:04 +0000

