Microsoft and WordPress are at the epicenter of threats.
In August 2024, Positive Technologies specialists identified six of the most dangerous vulnerabilities, which require immediate remediation or compensating measures. Five of these vulnerabilities were found in Microsoft products, and one was in the LiteSpeed Cache plugin for the WordPress CMS.
Vulnerabilities of this kind pose a serious threat to the security of companies. They are already being actively exploited by cybercriminals or may be exploited in the near future. To identify such threats, Positive Technologies specialists analyze information from various sources, including databases of vulnerabilities and exploits, security bulletins, social networks, and blogs.
The first is a critical remote code execution vulnerability in the Windows Remote Desktop Licensing Service (CVE-2024-38077), which has a CVSS score of 9.8. It threatens approximately 170 thousand nodes and allows an attacker to execute arbitrary code on a remote system, gaining full control over it. Possible consequences include malware injection, data theft, and system disruption.
The second vulnerability is a bypass of the Mark of the Web security feature in Windows (CVE-2024-38213). It allows attackers to distribute malicious files under the guise of legitimate programs without triggering Windows' defense mechanisms. The vulnerability has a CVSS score of 6.5 and can be used by attackers to bypass SmartScreen scanning.
This is followed by the Windows kernel privilege escalation vulnerability (CVE-2024-38106), which received a CVSS score of 7.0. It allows attackers to elevate their privileges to the SYSTEM level, which opens the door to further attacks. As a result, attackers can take full control of the system and continue the attack.
Another vulnerability is in the Ancillary Function Driver (AFD.sys) (CVE-2024-38193). It is rated 7.8 on the CVSS scale and also allows attackers to escalate privileges to the SYSTEM level. The vulnerability is actively exploited by the Lazarus group, which uses a rootkit to bypass protection and monitoring systems.
The vulnerability in the Power Dependency Coordinator component (CVE-2024-38107) received the same score (7.8) and also allows privilege escalation to the SYSTEM level. It requires local access to the system, but was actively exploited as a 0-day vulnerability before security updates were released.
To protect yourself, you need to download security updates from the official Microsoft pages dedicated to the relevant vulnerabilities: CVE-2024-38077, CVE-2024-38106, CVE-2024-38193, CVE-2024-38107, and CVE-2024-38213.
Finally, the vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2024-28000) received a critical CVSS score of 9.8. It threatens more than five million sites, allowing unauthenticated attackers to gain administrator privileges. This can lead to a complete compromise of the site, data theft, and damage to resources.
To fix this vulnerability, you need to download the security update for the plugin, version 6.4, from the official WordPress page.
Source
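An inventory check for the LiteSpeed Cache fix described above, added here as an example and not taken from the post or from Positive Technologies: it reads the plugin's header in each WordPress webroot and flags installs older than 6.4, the fixed version the post names. The plugin path `wp-content/plugins/litespeed-cache/litespeed-cache.php` and the helper names are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

FIXED = (6, 4)  # fixed release named in the post
# Assumption: default plugin location inside a WordPress webroot
PLUGIN_FILE = Path("wp-content/plugins/litespeed-cache/litespeed-cache.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(header_text):
    """Return the plugin header's Version field as a tuple of ints, or None."""
    m = VERSION_RE.search(header_text)
    return tuple(int(n) for n in m.group(1).split(".")) if m else None


def needs_update(version, fixed=FIXED):
    """True when version is older than the fixed release; unknown counts as True."""
    if version is None:
        return True
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # 6.4 and 6.4.0 compare equal
    return pad(version) < pad(fixed)


def audit(webroots):
    """Map each webroot that has the plugin to (version, needs_update)."""
    report = {}
    for root in map(Path, webroots):
        main = root / PLUGIN_FILE
        if not main.is_file():
            continue  # plugin not installed in this webroot
        # Header fields sit at the top of the file; the first 8 KB is enough
        version = parse_version(main.read_text(errors="replace")[:8192])
        report[str(root)] = (version, needs_update(version))
    return report


if __name__ == "__main__":
    # Constructed sample: two fake webroots with different plugin versions
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("old-site", "6.3.0.1"), ("new-site", "6.4")):
            f = Path(tmp, name) / PLUGIN_FILE
            f.parent.mkdir(parents=True)
            f.write_text(f"<?php\n/**\n * Plugin Name: LiteSpeed Cache\n * Version: {ver}\n */\n")
        for site, (ver, flag) in audit(sorted(Path(tmp).iterdir())).items():
            print(site, ver, "UPDATE NEEDED" if flag else "ok")
```

An install whose header cannot be parsed is reported as needing an update, so a tampered or truncated plugin file is not silently passed.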