Trending Posts :
logo
HomeNewsMicrosoft Windows Urgent Update: Users Have 21 Days to Patch Critical Vulnerabilities
Technology

Microsoft Windows Urgent Update: Users Have 21 Days to Patch Critical Vulnerabilities

By Debra Middleton
10-Jul-24

Microsoft Windows users are under the threat from the recently discovered CVE-2024-38112 vulnerability that is already being actively exploited by cybercriminals. The matter concerns Windows Internet Shortcut files that invoke the now-defunct Internet Explorer (IE) to open attacker-controlled URLs with the help of IE’s lessened security on a modern Windows 10/11 system.

Key Details:

Vulnerability Exploited:

  • Malicious people use Windows Internet Shortcut files to unleash IE.  
  • The exploit then loads a page with the attackers’ choice of Query String; this significantly hands the attackers the reigns.

Government Action: 

  • CISA has included the vulnerability in its KSV known database and refers to it as KSV number 480536. 
  • Required updates or off-anchoring of the federal systems by July 30, 2024.

Additional Vulnerabilities:

CVE-2024-38080:

  • Involves Microsoft Windows Hyper-V
  • Enables a local attacker to get a SYSTEM privilege, which is an example of privileges escalation.

Microsoft’s July Update :

  • Addresses both vulnerabilities.
  • Contains a total of 137 patches in the structure.

Key Actions for Users:

  • Immediate Update: Windows users should apply the latest patch from the Microsoft Company so as to avoid these exploits.
  • Caution with Shortcut Files: It is necessary to be cautious concerning the Internet Shortcut files and make sure that the URLs are run with the modern browsers, including the Chrome or Edge ones.

Quotes from Experts:

"The author regards the described exploit as rather quite especially. Spotlights the usage of one of the system components that Windows’ users barely remember".-Eli Smadja

Impact and Future Considerations:

End of Windows 10 Support:

Since Microsoft will no longer support Windows 10 after October 2025, users have to be careful.

Ideally, recommend acquiring new models for the receipt of further safety patches. A good lesson that can be learned from this case is that updates concerning potential security threats from outdated software components are necessary on frequent basis. Overcoming the complexity of current threats requires that the systems are always updated, and that is feasible.

Unlocking the Power of IoT: Transforming Everyday Life Through Smart Connectivity

  • 06-Sep-24

Hawaii's Bold Leap into the Future with Cloud and Artificial Intelligence

  • 05-Sep-24

Green Hydrogen Unveiled: Key Insights for a Sustainable Future

  • 04-Sep-24

From Helper to Hazard: How AI Could Harm Us – Analysis from ICASR Experts

  • 02-Sep-24

How Media & Entertainment are Evolving with 2024's Tech Trends

  • 31-Aug-24

Canada to Implement New 24-Hour Work Rule for International Students This Fall

  • 06-Sep-24

Para Powerlifting Day Two at Paris 2024: Key Contenders and Ones to Watch

  • 06-Sep-24

The Next Frontier in Artificial Intelligence Revolutionizing Business and Technology

  • 06-Sep-24

U.S. Indicts Russian Intelligence Officials Over Cyberattacks Targeting Ukraine

  • 06-Sep-24

Vaccine-Skeptic Doctor on Boise Health Board Reinstates Lapsed Medical License

  • 05-Sep-24
Categories
Discover Policies
Subscribe

Want to be notified when we launch a new template or an udpate. Just sign up and we'll send you a notification by email.

© icasr 2024 . All rights reserved.
© icasr 2024 . All rights reserved.