Microsoft Warns of Active Zero-Day Exploitation


Microsoft rolled out its latest security updates on Tuesday, addressing approximately 60 vulnerabilities across various software products and calling urgent attention to an actively exploited zero-day reported by multiple external threat-hunting teams.
Microsoft credited security researchers from Kaspersky, DBAPPSecurity, and Google’s Threat Analysis Group for identifying and reporting the issue, suggesting it may have already been used beyond targeted attacks.
As is customary, Microsoft did not share details on the exploitation or IOCs to help defenders hunt for signs of intrusions.
Microsoft also marked CVE-2024-30040 in the already-exploited category, warning that attackers are bypassing security features in Microsoft 365 and Office.
“This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.”
The company also urged Windows admins to pay attention to CVE-2024-30044, a critical-severity remote code execution vulnerability in Microsoft SharePoint.
“This would enable the attacker to perform remote code execution in the context of the SharePoint Server,” Microsoft added.


On Tuesday, Microsoft released its most recent security updates, fixing about 60 flaws in a range of software products and drawing urgent attention to an actively exploited zero-day that was reported by several outside threat-hunting teams.

The zero-day, tracked as CVE-2024-30051, is described as a heap-based buffer overflow in the Windows Desktop Window Manager (DWM) Core Library that has already been used in malware attacks that require elevated SYSTEM privileges.

The issue has been rated as “important” by Redmond and has a CVSS severity score of 7.8/10.

Microsoft credited security researchers from Google’s Threat Analysis Group, DBAPPSecurity, and Kaspersky for identifying and reporting the issue, suggesting that it may have already been used beyond targeted attacks.

As is customary, Microsoft did not disclose exploitation details or IOCs that would help defenders hunt for signs of intrusion.

Microsoft also flagged CVE-2024-30040 as already exploited, warning that attackers are bypassing security features in Microsoft 365 and Office. With a CVSS score of 8, the flaw lets attackers run arbitrary code when they trick a user into loading malicious files.

This vulnerability bypasses the OLE mitigations in Microsoft 365 and Microsoft Office that protect users from vulnerable COM/OLE controls. According to Microsoft, an unauthenticated attacker who successfully exploits it could execute arbitrary code in the user’s context by tricking the user into opening a malicious document.

The company also alerted Windows administrators to CVE-2024-30044, a critical-severity remote code execution vulnerability in Microsoft SharePoint.

Redmond’s security response center issued a warning: “An authenticated attacker with Site Owner permission can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.”

“A specially crafted file could be uploaded to the targeted SharePoint Server by an authenticated attacker with Site Owner permissions or higher, and specialized API requests could be created to initiate the deserialization of the file’s parameters. In the context of the SharePoint Server, this would allow the attacker to carry out remote code execution,” Microsoft continued.
