Multiple vulnerabilities have been discovered in various Microsoft products, with the most severe vulnerability potentially allowing for remote code execution in the context of the logged-on user. This means that an attacker could gain control over the affected system, potentially allowing them to install programs, view, change, or delete data, or create new user accounts with full privileges. It is important to note that the impact of these vulnerabilities may vary depending on the user’s privileges.
Systems Affected
The following Microsoft products are affected by these vulnerabilities:
- Microsoft Edge (Chromium-based)
- Windows Media
- Microsoft Office Outlook
- Microsoft Dynamics Finance & Operations
- Microsoft Windows DNS
- Azure Connected Machine Agent
- Azure Machine Learning
- Windows MSHTML Platform
- Windows USB Mass Storage Class Driver
- Windows Internet Connection Sharing (ICS)
- Microsoft Bluetooth Driver
- Windows Kernel
- Windows DHCP Server
- Windows ODBC Driver
- Windows Kernel-Mode Drivers
- XAML Diagnostics
- Windows DPAPI (Data Protection Application Programming Interface)
- Windows Telephony Server
- Microsoft WDAC OLE DB provider for SQL
- Microsoft Office Word
- Windows Win32K
- Windows Defender
- Microsoft Power Platform Connector
- Windows Local Security Authority Subsystem Service (LSASS)
- Windows Cloud Files Mini Filter Driver
Risk Assessment
The severity of the vulnerabilities varies based on the type of entity and size of the organization. The risk levels are as follows:
Government Entities:
- Large and medium government entities: HIGH risk
- Small government entities: MEDIUM risk
Businesses:
- Large and medium business entities: HIGH risk
- Small business entities: MEDIUM risk
Home Users: LOW risk
Technical Summary
Exploiting these vulnerabilities could lead to remote code execution, allowing an attacker to gain the same level of privileges as the logged-on user. If the user has administrative rights, the attacker can install harmful programs, change or delete data, or create new accounts with full user rights. It is worth noting that users with limited privileges may be less impacted by these vulnerabilities.
Recommendations
To protect against these vulnerabilities, it is recommended to take the following actions:
- Apply the appropriate patches or mitigations provided by Microsoft to vulnerable systems immediately after proper testing.
- Establish and maintain a documented vulnerability management process for enterprise assets.
- Perform automated application patch management on a monthly or more frequent basis.
- Apply the Principle of Least Privilege to all systems and services, running all software as a non-privileged user without administrative rights.
- Manage default accounts on enterprise assets and software, disabling them if possible.
- Restrict administrator privileges to dedicated administrator accounts on enterprise assets.
- Remind all users not to visit untrusted websites or open files/links from unknown or untrusted sources.
- Establish and maintain a security awareness program, educating the workforce on secure practices.
- Train workforce members to recognize social engineering attacks, such as phishing and tailgating.
- Deploy a host-based intrusion detection and prevention solution on enterprise assets, where appropriate and supported.
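As an added example, not part of this advisory or of any Microsoft guidance, the following PowerShell script checks a single Windows host against four of the recommendations above: how recently an update was installed, whether the current session is running with administrator rights, who holds membership in the local Administrators group, and whether the built-in default accounts are still enabled. It uses only standard cmdlets (Get-HotFix, Get-LocalUser, Get-LocalGroupMember); the $MaxPatchAgeDays threshold is an assumed value to adjust to your own patch cadence.

```powershell
# Added example (not part of the advisory): audit one Windows host against the
# patching, least-privilege and default-account recommendations.
# Run on Windows 10/11 or Server 2016+; Get-LocalUser / Get-LocalGroupMember
# come from the built-in Microsoft.PowerShell.LocalAccounts module.

# 1. Patch status: find the most recently installed update and flag a stale host.
#    $MaxPatchAgeDays is an assumed threshold, not a value from the advisory.
$MaxPatchAgeDays = 35
$hotfixes = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending
$latest   = $hotfixes | Select-Object -First 1
if ($latest) {
    $age = (Get-Date) - $latest.InstalledOn
    Write-Host ("Latest update: {0} installed {1:d} ({2} days ago)" -f `
        $latest.HotFixID, $latest.InstalledOn, [int]$age.TotalDays)
    if ($age.TotalDays -gt $MaxPatchAgeDays) {
        Write-Warning "No update installed in the last $MaxPatchAgeDays days; check Windows Update / WSUS status."
    }
} else {
    Write-Warning "Get-HotFix returned no dated entries; verify update history another way."
}

# 2. Least privilege: is this interactive session running with administrator rights?
#    Day-to-day sessions should report False; only dedicated admin sessions should be True.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Current user: $($identity.Name); running as administrator: $isAdmin"

# 3. Restricted admin privileges: list every member of the local Administrators group
#    so unexpected users or groups can be reviewed and removed.
Write-Host "`nMembers of the local Administrators group:"
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize | Out-Host

# 4. Default accounts: the built-in Administrator and Guest accounts always carry the
#    well-known RID suffixes 500 and 501, even if they have been renamed.
Get-LocalUser | Where-Object { $_.SID.Value -match '-(500|501)$' } | ForEach-Object {
    if ($_.Enabled) {
        Write-Warning "Built-in account '$($_.Name)' is enabled; disable it if it is not required."
    } else {
        Write-Host "Built-in account '$($_.Name)' is disabled."
    }
}
```

The script only reads state and prints findings; it makes no changes, so it can be run as a first pass before deciding which accounts to disable or which group members to remove. Matching on the RID suffix rather than the account name catches a renamed built-in Administrator account.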
By following these recommendations, organizations and individuals can enhance their security posture and reduce the risk of exploitation from these vulnerabilities.
Please note that there are currently no reports of these vulnerabilities being exploited in the wild. However, it is important to remain vigilant and stay updated on patches and security advisories from Microsoft.