These vulnerabilities have a High impact rating. and Serious, can be exploited by attackers to perform illegal acts, causing information security risks and affecting information systems of agencies, organizations and businesses.
Information security vulnerabilities exist in a number of Microsoft products such as: Windows and Windows components; Office and Office components; Azure; .NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; Windows VMSwitch.
NCSC recommends that agencies, units and enterprises research information about these information security vulnerabilities, conduct system reviews, handle network information security issues in the system and send review report results to NCSC's email address.
At the same time, NCSC recommends that agencies, units and businesses strengthen monitoring and prepare response plans when detecting signs of cyber exploitation and attacks.
Regularly monitor warning channels of authorities and large information security organizations to promptly detect cyber attack risks.
Check, review, and identify computers using Windows operating systems that are likely to be affected. The best solution is to update the patches for the above information security vulnerabilities according to the manufacturer's instructions.
12 High Impact and Critical Security Vulnerabilities
According to the NCSC, this month's release is particularly notable for the following high impact and critical security vulnerabilities:
CVE-2024-43639 Windows Kerberos security vulnerability allows attackers to execute code remotely.
CVE-2024-43498 Security Vulnerability in .NET and Visual Studio allows remote code execution.
CVE-2024-49039 vulnerability in Windows Task Scheduler allows attackers to escalate privileges. The vulnerability is currently being exploited in the wild.
CVE-2024-43625 vulnerability in Microsoft Windows VMSwitch allows an attacker to escalate privileges.
5 information security vulnerabilities CVE-2024-49026, CVE-2024-49027, CVE-2024-49028, CVE-2024-49029, CVE-2024-49030 in Microsoft Excel allow attackers to execute code remotely.
CVE-2024-49019 Active Directory Certificate Services vulnerability allows an attacker to escalate privileges. Details of the vulnerability have been made public.
The CVE-2024-49040 security vulnerability in Microsoft Exchange Server allows an attacker to perform spoofing attacks. Details of the vulnerability have been made public.
Windows security vulnerability CVE-2024-43451 exposes NTLM hashes, allowing attackers to perform spoofing attacks. The vulnerability is currently being exploited in the wild.
Source: https://daidoanket.vn/nguy-co-mat-an-toan-thong-tin-tu-cac-lo-hong-bao-mat-trong-san-pham-cua-microsoft-10294618.html
![[Photo] General Secretary To Lam presents the First Class Labor Medal to the Vietnam National Energy and Industry Group](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/21/0ad2d50e1c274a55a3736500c5f262e5)
![[Photo] General Secretary To Lam attends the 50th anniversary of the founding of the Vietnam National Industry and Energy Group](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/21/bb0920727d8f437887016d196b350dbf)
Comment (0)