Windows Nuclear Winter: Three Vulnerabilities in the System Kernel

Positive Technologies reports on cybersecurity trends.

In October 2024, Positive Technologies experts classified four vulnerabilities as trending. Among them are security flaws in Microsoft products and the XWiki platform for creating wikis.

According to the data, the Windows vulnerabilities described below potentially affect about a billion devices. The consequences can affect all users of outdated versions of the operating system.

Vulnerability in the MSHTML Platform Engine for Processing and Displaying HTML Pages CVE-2024-43573 (CVSS - 6.5)

An MSHTML vulnerability in Windows could lead to unauthorized disclosure of sensitive information. User interaction is required for exploitation. Attackers can send phishing emails with malicious attachments or links leading to specially prepared resources.

Windows Kernel Driver Elevation of Privilege Vulnerability CVE-2024-35250 (CVSS - 7.8)

The vulnerability allows privileges to be escalated to the SYSTEM level (the maximum in the operating system) by manipulating a request in the kernel driver. By taking full control of the system, the attacker can gain access to sensitive information and act on behalf of the local administrator, installing malware and modifying or deleting important files.

Vulnerability in the Kernel Streaming Platform for Data Processing that Could Allow Privilege Escalation in Windows CVE-2024-30090 (CVSS - 7.0)

An attacker who successfully exploits this vulnerability gains SYSTEM-level privileges. As with the previous vulnerability, the attacker can perform actions on behalf of a local administrator and gain access to sensitive information. A flaw in Kernel Streaming allows privilege escalation using invalid requests. Due to improper handling of events during request transformation, an attacker can exploit the error pattern and gain access to kernel mode.

To protect yourself, install the updates available from Microsoft's official vulnerability pages: CVE-2024-43573, CVE-2024-35250, CVE-2024-30090.

Remote Code Execution Vulnerability in the XWiki Open Source Wiki Creation Platform CVE-2024-31982 (CVSS score 10.0; Critical)

The vulnerability, according to XWiki, could affect more than 21,000 potential victims. It is caused by the lack of validation of values in the search query. An attacker manipulates the text in the search bar to execute arbitrary code on the server. As a result, the attacker can gain full control over the system in order to further develop the attack, for example, to inject malware.

To protect yourself, update XWiki to version 14.10.20, 15.5.4 or 15.10RC1. If for some reason this is not possible, the user can apply the fix to the Main.DatabaseSearch page.
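
For teams running several XWiki instances, the version guidance above can be turned into an inventory check. This is an added example, not code from Positive Technologies or XWiki. It assumes each fixed release covers its own release line (anything below 15.0 is compared with 14.10.20, 15.0 through 15.5.x with 15.5.4, later versions with 15.10RC1); the host names and the inventory are constructed.

```python
import re

# Fixed releases named in the text above.
FIXED_14, FIXED_15_5, FIXED_15_10 = "14.10.20", "15.5.4", "15.10RC1"
FINAL = 10**6  # rank of a final release, sorts after any release candidate
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-?rc-?(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn '15.10RC1', '15.10-rc-1' or '14.10.20' into a sortable tuple."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)


def fixed_release_for(version):
    """Pick the fixed release for this version's line (assumed mapping)."""
    v = parse_version(version)
    if v[0] < 15:
        return FIXED_14
    if v[:2] <= (15, 5):
        return FIXED_15_5
    return FIXED_15_10


def needs_update(version):
    """True when the version is older than the fixed release of its line."""
    return parse_version(version) < parse_version(fixed_release_for(version))


def triage(inventory):
    """Map each host that needs the update to the release it should reach."""
    return {host: fixed_release_for(ver)
            for host, ver in inventory.items() if needs_update(ver)}


# Constructed inventory (hypothetical hosts), e.g. exported from a CMDB.
SAMPLE_INVENTORY = {
    "wiki-a.example": "14.10.19",
    "wiki-b.example": "15.5.4",
    "wiki-c.example": "15.8",
    "wiki-d.example": "15.10-rc-1",
    "wiki-e.example": "16.4.0",
}

if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: update to {target} or later")
```

An instance protected only by the fix to the Main.DatabaseSearch page still reports its old version, so it will be flagged here and has to be confirmed by hand.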
