Warning 5 high-level and critical security vulnerabilities in Microsoft products

Tram Ho

On July 16, the Ministry of Information and Communications sent a document to the ministries, branches and localities; Office of the Party Central Committee, Office of the National Assembly, Supreme People’s Court, Supreme People’s Procuracy, State Audit; economic groups, state-owned corporations, joint-stock commercial banks and financial institutions to warn about 5 high-level and serious security holes in Microsoft products.

According to the Ministry of Information and Communications, on July 13, Microsoft announced and released patches for 117 security holes in its products.

Of these 117 security holes, it is worth noting that 5 vulnerabilities allow attackers to execute code remotely, including: CVE-2021-34473, CVE-2021-34523, CVE-2021-34527, CVE-2021-33781 and CVE-2021-34492. These critical and high-risk vulnerabilities exist in Windows Print Spooler, Microsoft Exchange Server, and Windows Certificate products.

Cảnh báo 5 lỗ hổng bảo mật mức cao và nghiêm trọng trong các sản phẩm Microsoft - Ảnh 1.

Of the 5 vulnerabilities in Microsoft products that have just been warned by the Ministry of Information and Communications, there are 3 new vulnerabilities announced by the company on July 13. (Artwork: iStockPhoto)

Exchange Server has been a fairly popular target since March, featuring four zero-day vulnerabilities known as “ProxyLogon” that were exploited in a large-scale APT campaign. These four vulnerabilities were warned by the National Cyber ​​Security Monitoring Center under the Information Security Administration on March 3. Specifically, exist in Microsoft Exchange Server, 2 vulnerabilities CVE-2021-34473 and CVE-2021-34473 and CVE-2021-34473. CVE-2021-34523 allows attackers to execute code remotely, elevating privileges on email servers.

Therefore, it is very urgent to fix the vulnerabilities in Microsoft Exchange Server, especially when the objects of cyber attacks are increasing to target this target.

As for vulnerability CVE-2021-34527, this is the second remote code execution vulnerability in Windows Print Spooler, which is related to the previous CVE-2021-1675 vulnerability and is jointly known as “PrinterNightmare”. On June 22, the Ministry of Information and Communications issued an early forecast of the risk of large-scale cyber attacks when these vulnerabilities were exploited, and promptly continued to warn agencies and organizations through various methods.

Along with vulnerability CVE-2021-34523 in Exchange Server, two new vulnerabilities CVE-2021-33781 and CVE-2021-34492 were announced by Microsoft on July 13.

In particular, CVE-2021-33781 is a security vulnerability that allows low-privileged objects to remotely attack by bypassing security checks in the Active Directory service to gain higher privileges on the target machine. pepper.

And CVE-2021-34492 is a vulnerability that allows attackers to bypass the checking mechanism in Windows Certificate to forge certificates. This vulnerability can be used in other attacks against users.

According to experts from the Information Security Department (Ministry of Information and Communications), Windows Print Spooler and Microsoft Exchange Server products are Windows Certificates, which are commonly used in information systems of state agencies and organizations. banks, financial institutions, corporations, businesses and large companies.

In particular, security vulnerabilities in Windows Print Spooler and Microsoft Exchange Server may have been, are and will be used by APT-targeted attack groups to exploit on a large scale in the near future.

Therefore, to ensure information security for the unit’s system, contributing to ensuring the safety of Vietnam’s cyberspace, the Ministry of Information and Communications requires agencies, units and enterprises to direct the inspection and review. and identify potentially affected Windows servers and workstations. Also, update security patches for affected machines according to Microsoft’s instructions.

Agencies, units and enterprises are required to strengthen supervision and be ready to deal with signs of being exploited or hacked. Along with that, it is necessary to regularly monitor the warning channels of authorities and large organizations on information security to promptly detect the risks of cyber attacks.

In case of needing support, the unit to contact the support focal point of the Ministry of Information and Communications is the National Cyber ​​Security Monitoring Center – NCSC under the Information Security Administration at phone number 02432091616 or email ais@mic.gov.vn
Share the news now

Source : Genk