This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals. Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Threat Intelligence Microsoft is aware of CVE-2024-30040 and CVE-2024-30051 being exploited in the wild, as well as functional exploit code being available for CVE-2024-30050. Systems Affected NET and Visual Studio Azure Migrate Microsoft Bing Microsoft Brokering File System Microsoft Dynamics 365 Customer Insights Microsoft Edge (Chromium-based) Microsoft Intune Microsoft Office Excel Microsoft Office SharePoint Microsoft WDAC OLE DB provider for SQL Microsoft Windows SCSI Class System File Microsoft Windows Search Component Power BI Visual Studio Windows Cloud Files Mini Filter Driver Windows CNG Key Isolation Service Windows Common Log File System Driver Windows Cryptographic Services Windows Deployment Services Windows DHCP Server Windows DWM Core Library Windows Hyper-V Windows Kernel Windows Mark of the Web (MOTW) Windows Mobile Broadband Windows MSHTML Platform Windows NTFS Windows Remote Access Connection Manager Windows Routing and Remote Access Service (RRAS) Windows Task Scheduler Windows Win32K - GRFX Windows Win32K - ICOMP .NET and Visual Studio Azure Migrate Microsoft Bing Microsoft Brokering File System Risk Government: - Large and medium government entities: High - Small government entities: Medium Businesses: - Large and medium business entities: High - Small business entities: Medium Home Users: Low Technical Summary Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. A full list of all vulnerabilities can be found here. Recommendations
  • Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources.
  • Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report. For any further questions, please contact us here at Cyber Command.