Microsoft products are being attacked by hackers.

CVE-2024-38080 and CVE-2024-38112 are two of the ten information security vulnerabilities that exist in Microsoft products and are currently being exploited by hackers.

Specifically, the vulnerability coded CVE-2024-38080 exists in Windows Hyper-V, allowing attackers to perform privilege escalation; the vulnerability CVE-2024-38112 in Windows MSHTML Platform allows attackers to perform spoofing attacks.

This incident has prompted the Cybersecurity Department to send alerts to the IT and cybersecurity units of ministries, departments, and localities; state-owned corporations and companies; joint-stock commercial banks, and financial institutions.

According to the warning, out of 139 information security vulnerabilities existing in Microsoft products that the technology company recently patched, experts from the Information Security Department recommend that agencies, organizations, and businesses nationwide pay special attention to 10 vulnerabilities with a high and serious impact.

In addition to the two vulnerabilities mentioned above, there are eight other vulnerabilities that allow attackers to execute code remotely, including: three vulnerabilities (CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077) in the Windows Remote Desktop Licensing Service; the CVE-2024-38060 vulnerability in the Windows Imaging Component; three vulnerabilities (CVE-2024-38023, CVE-2024-38024, and CVE-2024-38094) in Microsoft SharePoint Server; and the CVE-2024-38021 vulnerability in Microsoft Office.

To ensure the security of your organization's information systems and contribute to the security of Vietnam's cyberspace, the Cybersecurity Department recommends that agencies, organizations, and businesses nationwide conduct checks and reviews to identify computers using the Windows operating system that may be affected by the aforementioned high-level and critical cybersecurity vulnerabilities.

In the event of being identified as affected, units should promptly update the patch to avoid the risk of cyberattacks exploiting information security vulnerabilities.

"The best solution is to update the patches for the aforementioned information security vulnerabilities according to the manufacturer's instructions," emphasized an expert from the Information Security Department.

In addition, agencies, organizations, and businesses are required to strengthen monitoring and prepare response plans when detecting signs of exploitation or cyberattacks; at the same time, they should regularly monitor the warning channels of functional agencies and major information security organizations to promptly detect cyberattack risks.

When assistance is needed, units can contact the National Cybersecurity Monitoring Center (NCSC) of the Information Security Department by phone: 02432091616 and email 'ncsc@ais.gov.vn'.