UAE issues urgent warning to Microsoft users

UAE issues urgent warning to Microsoft users

UAE issues urgent warning to Microsoft users

The UAE Cyber ​​Security Council has issued a warning about the increased risk of threats to Microsoft OS users.

Microsoft Read More

The UAE Cyber ​​Security Council on Thursday issued an advisory to urgently update Microsoft operating systems to prevent information and personal data leaks.

The tech giant has released security updates to address 61 high-risk vulnerabilities, including two critical ones. Cybercriminals could exploit some of these vulnerabilities to gain control of the system.

The UAE Cyber ​​Security Report 2024, jointly released by the UAE Cyber ​​Security Council and CPX Holding, sheds light on an alarming reality: the UAE currently has 155,000 vulnerable cyber assets, with 40% of them over five years old.

The discovery highlights the urgent need for advanced security measures, especially as the country grapples with growing cyber threats, including sophisticated attacks such as ransomware.

Among the major vulnerabilities in Microsoft systems is CVE-2024-21334 for remote code execution in Open Management Infrastructure (OMI), which could allow a remote unauthenticated attacker to access OMI over the internet and send specially crafted requests to trigger a use-after-free.

CVE-2024-21400 is a privilege escalation vulnerability affecting Microsoft Azure Kubernetes Service Confidential Container (AKSCC) that could allow attackers to exploit the vulnerability to steal credentials and impact resources outside of their security scope.

CVE-2024-21407 - A remote code execution vulnerability in Windows Hyper-V could allow an authenticated attacker on a guest VM to send specially crafted requests to perform file operations on the VM to hardware resources, which could lead to remote code execution on the host server.

CVE-2024-21426 - A remote code execution vulnerability in Microsoft SharePoint could allow an attacker to perform a remote attack that could gain access to the victim's information and the ability to modify the information by convincing the user to open a malicious file.

Affected individuals are advised to review the March 2024 Microsoft update summary and apply the appropriate security updates.


kyle smith

15 Blog posts

Comments