Warning of 6 serious vulnerabilities in Microsoft products

This is a warning about vulnerabilities in Microsoft products sent by the Department of Information Security (Ministry of Information and Communications) on March 28 to all units in charge of information technology and information security of ministries, branches, localities, and state-owned corporations, banks and financial institutions.

According to the Department of Information Security, the information security vulnerabilities in Microsoft products this time include: CVE-2024-21408 vulnerability in Windows Hyper-V allows attackers to perform denial of service (DoS) attacks; CVE-2024-26198 in Microsoft Exchange Server; CVE-2024-21407 in Windows Hyper-V; CVE-2024-21334 in Open Management Infrastructure (OMI); CVE-2024-21426 in Microsoft SharePoint and CVE-2024-21411 in Skype for Consumer.

Notably, of the 6 new vulnerabilities that exist in Microsoft products, 5 of them, if successfully exploited, can allow hackers to execute code remotely.

To ensure information security for information systems of agencies, organizations and enterprises, the Department of Information Security recommends that units inspect and review to determine whether computers using Windows operating systems are likely to be affected by the 6 high-level and serious information security vulnerabilities mentioned above.

In case of impact, units need to promptly update the patch to avoid the risk of being attacked by hackers.

"Agencies, organizations and businesses are also required to further strengthen monitoring work and prepare response plans when detecting signs of cyber exploitation and attacks.

At the same time, units also need to regularly monitor warning channels of authorities and large organizations on information security to promptly detect cyber attack risks," the Department of Information Security recommended.

According to the Department of Information Security, if a unit does not pay attention to updating and handling the vulnerabilities and weaknesses that have been warned, it could cause the unit's system to be hijacked and attacked by cyberattacks, leading to serious losses in reputation and assets.

Experts also predict that a prominent cyber attack trend in 2024 is exploiting information security vulnerabilities, especially high-level and serious vulnerabilities in popular technology products, thereby easily penetrating the system and thereby taking control, stealing information and assets of the organization.

Accordingly, some vulnerabilities have been and are being exploited by attack groups to carry out targeted attacks - APT.

Dangerous and widespread information security vulnerabilities have been warned by the Information Security Department and have provided guidance to ministries, branches and localities on how to fix them; however, many units have yet to review and handle them.