Amaru would like to draw your attention to a crucial alert we received from the National Cyber Security Centre (NCSC) regarding two zero-day vulnerabilities discovered in Microsoft products. These vulnerabilities pose severe threats to the security of organisations and individuals alike.

Vulnerability Details:

1. CVE-2024-21410 – Microsoft Exchange Server
CVSS Score: 9.8

Description: This vulnerability affects Microsoft Exchange Server, potentially allowing unauthenticated attackers to escalate privileges by accessing user credentials. These credentials can then be utilised to impersonate legitimate users against Exchange servers. There have been reports of active exploitation and the presence of public proof of concept code.

2. CVE-2024-21413 – Microsoft Outlook
CVSS Score: 9.8

Description: This vulnerability impacts Microsoft Outlook, enabling unauthenticated attackers to execute remote code. This could bypass the protected view settings of Office documents, leading users to open links sent within emails in editing mode. Malicious actors are likely to exploit this vulnerability through phishing emails containing Office documents. While there are no current reports of active exploitation, a public proof of concept is available.

Recommendations:

The NCSC strongly advises organisations in New Zealand that utilise the affected products to take immediate action by:
– Reviewing the related security advisories: [Exchange advisory] and [Outlook advisory]
– Applying relevant patches and mitigations (if available) as soon as possible.

Action Required:

If your organization has experienced or suspects compromise related to these CVEs, please promptly contact [email protected]

In conclusion, the discovery of these critical vulnerabilities underscores the importance of maintaining robust cybersecurity measures. It is imperative for organizations to remain vigilant and take proactive steps to mitigate risks posed by such vulnerabilities. Failure to address these issues promptly could result in severe consequences for both businesses and individuals.

Stay informed, stay secure. Your vigilance is our best defense against cyber threats.

This blog aims to raise awareness about the critical zero-day vulnerabilities affecting Microsoft products. It underscores the urgency for organizations to take immediate action to safeguard their systems and data. Your security is paramount, and staying informed is the first step towards protecting yourself in an increasingly complex digital landscape.
