Microsoft Admits that Exploits Are Bypassing Windows Security Features

This week Microsoft released another security update as part of its Patch Tuesday program. The package contains fixes for 72 vulnerabilities across various Windows ecosystem products, including flaws that allow attackers to execute code remotely, bypass security features, and escalate privileges on the system.

Of the 72 recorded vulnerabilities, Microsoft highlights three that cybercriminals are actively exploiting in their attacks, including phishing and spoofing attacks aimed at circumventing Windows security features.

The vulnerability CVE-2021-43890, which dates back to 2021, is being exploited by attackers using damaging malware such as Emotet, Trickbot, and Bazaloader. In its statement, Microsoft explains, “In recent months, Microsoft Threat Intelligence has seen an increase in malicious activity using social engineering and phishing methods to attack Windows users.” Microsoft added that it was forced to disable the ms-appinstaller protocol in Windows by default to enhance security.
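For defenders who want to see where ms-appinstaller links still reach users, the following added example (not from Microsoft or the original article) scans log lines for `ms-appinstaller:?source=` URIs and reports those whose package host is not on an allowlist. The log line format, the host names and the allowlist are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# The URI runs until whitespace, a quote or an angle bracket; scheme case is ignored.
URI_RE = re.compile(r"ms-appinstaller:[^\s\"'<>]*", re.IGNORECASE)
PACKAGE_EXTS = (".msix", ".msixbundle", ".appx", ".appxbundle", ".appinstaller")
# Assumption: hosts your organisation legitimately serves packages from.
ALLOWED_HOSTS = {"packages.corp.example"}

# Constructed sample log lines (the mail-gateway/proxy format is hypothetical).
SAMPLE_LINES = [
    '2024-02-14T09:12:01Z mail-gw body-link="ms-appinstaller:?source=https://files.example.net/update/Reader.msix"',
    '2024-02-14T09:13:40Z mail-gw body-link="ms-appinstaller:?source=https://packages.corp.example/tools/Chat.appinstaller"',
    '2024-02-14T09:15:22Z proxy GET https://www.example.org/index.html',
    '2024-02-14T09:16:05Z mail-gw body-link="MS-AppInstaller:?source=https%3A%2F%2Fcdn.example.com%2Fsetup.msixbundle"',
]

def find_appinstaller_links(text):
    """Return one record per ms-appinstaller URI found in text."""
    findings = []
    for match in URI_RE.finditer(text):
        uri = match.group(0)
        _, _, query = uri.partition("?")
        source = None
        # An unencoded '&' inside the source URL would cut it short here;
        # the host is still recovered, which is what triage needs.
        for pair in query.split("&"):
            key, _, value = pair.partition("=")
            if key.lower() == "source":
                source = unquote(value)  # links are often percent-encoded
                break
        parts = urlsplit(source) if source else None
        findings.append({
            "uri": uri,
            "source": source,
            "host": parts.hostname if parts else None,
            "package": bool(parts) and parts.path.lower().endswith(PACKAGE_EXTS),
        })
    return findings

def triage(lines):
    """Return (line_number, host) for links whose source host is not allowlisted."""
    hits = []
    for number, line in enumerate(lines, 1):
        for finding in find_appinstaller_links(line):
            if finding["host"] not in ALLOWED_HOSTS:
                hits.append((number, finding["host"]))
    return hits

if __name__ == "__main__":
    for number, host in triage(SAMPLE_LINES):
        print(f"line {number}: ms-appinstaller link to unapproved host {host}")
```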

Additionally, Microsoft has urged Windows administrators to pay attention to the vulnerabilities CVE-2024-21412 and CVE-2024-21351, which attackers are leveraging to bypass Windows security features in real attacks. The current patch also includes a fix for CVE-2024-21413, a vulnerability that could enable remote code execution in Microsoft Office. Notably, this vulnerability was rated a high 9.8 out of 10, indicating its significant risk level.
