This is a warning about vulnerabilities in Microsoft products sent by the Department of Information Security (Ministry of Information and Communications) on March 28.3, to all specialized units in charge of information technology and information security of ministries and branches. , localities and corporations, state corporations, banks and financial institutions.
According to the Department of Information Security, information security vulnerabilities in Microsoft products this time include: vulnerability CVE-2024-21408 in Windows Hyper-V allows attackers to perform denial of service attacks. service (DoS); CVE-2024-26198 in Microsoft Exchange Server; CVE-2024-21407 in Windows Hyper-V; CVE-2024-21334 in Open Management Infrastructure (OMI); CVE-2024-21426 in Microsoft SharePoint and CVE-2024-21411 in Skype for Consumer.
Notably, among the 6 new vulnerabilities that exist in Microsoft products, there are up to 5 vulnerabilities that, after successful exploitation, hackers can attack and execute remote code.
To ensure information security for information systems of agencies, organizations, and businesses, the Department of Information Security requests units to check and review to identify computers using the Windows operating system. There are 2 possibilities of being affected by the 6 high and serious information security vulnerabilities mentioned above.
In case of being affected, units need to urgently update the patch promptly to avoid the risk of cyber attacks by hackers.
“Agencies, organizations and businesses are also required to further strengthen monitoring and prepare solutions when detecting signs of cyber exploitation or attack.
At the same time, units also need to regularly monitor warning channels of functional agencies and large information security organizations to promptly detect cyber attack risks," the Department of Information Security recommends. fox.
According to the Department of Information Security, if a unit does not pay attention to updating and handling the vulnerabilities and weaknesses that have been warned, it can cause that unit's system to be hijacked and subjected to cyber attacks. leading to heavy losses in reputation and property.
Experts also predict that a prominent cyber attack trend in 2024 is exploiting information security vulnerabilities, especially high-impact and serious vulnerabilities in popular technology products, from That easily penetrates the system and thereby takes control and steals the organization's information and assets.
Accordingly, a number of vulnerabilities have been exploited by attack groups to carry out targeted attacks - APT.
Dangerous information security vulnerabilities with wide-ranging effects have been warned by the Department of Information Security and instructed ministries, branches and localities on how to fix them; However, many units have not yet reviewed and handled it.