May 2, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Android Banking Trojan ‘PixPirate’ Targets Brazilian Users Using New Evasion Tactic – Active IOCs
March 15, 2024
Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
March 15, 2024
Rewterz Threat Alert – Android Banking Trojan ‘PixPirate’ Targets Brazilian Users Using New Evasion Tactic – Active IOCs
March 15, 2024
Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
March 15, 2024
Severity
High
Analysis Summary
CVE-2024-21419 CVSS:7.6
Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-26198 CVSS:8.8
Microsoft Exchange Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21334 CVSS:9.8
Microsoft Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21390 CVSS:7.1
Microsoft Authenticator could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-26204 CVSS:7.5
Microsoft Outlook for Android could allow a remote attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2024-21430 CVSS:5.7
Microsoft Windows could allow a physical attacker to execute arbitrary code on the system, caused by a flaw in the iSCSI Discovery Service. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21433 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By winning a race condition, an attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-26162 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ODBC Driver component. By persuading a user to connect to a malicious SQL database, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-26190 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a use-after-free flaw in the QUIC component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-21421 CVSS:7.5
Microsoft Azure SDK could allow a remote attacker to conduct spoofing attacks.
CVE-2024-26169 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Error Reporting Service. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-20671 CVSS:5.5
Microsoft Defender could allow a local authenticated attacker to bypass security restrictions. By executing a specially crafted program, an attacker could exploit this vulnerability to bypass security feature to cause impact on availability
CVE-2024-26185 CVSS:6.5
Microsoft Windows is vulnerable to data tampering, caused by a flaw in compressed folders. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to tamper with displayed messages.
CVE-2024-21448 CVSS:5
Microsoft Teams for Android could allow a local authenticated attacker to obtain sensitive information. By persuading a victim to confirm an action through a dialog box, an attacker could exploit this vulnerability to obtain files from the private directory and use this information to launch further attacks against the affected system.
CVE-2024-26197 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Standards-Based Storage Management Service. By executing a specially crafted program, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-26196 CVSS:4.3
Microsoft Edge for Android (Chromium-based) could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted URL, an attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Gain Access
- Cross-Site Scripting
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-21419
- CVE-2024-26198
- CVE-2024-21334
- CVE-2024-21390
- CVE-2024-26204
- CVE-2024-21430
- CVE-2024-21433
- CVE-2024-26162
- CVE-2024-26190
- CVE-2024-21421
- CVE-2024-26169
- CVE-2024-20671
- CVE-2024-26185
- CVE-2024-21448
- CVE-2024-26197
- CVE-2024-26196
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Edge for Android
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2022
- Microsoft Teams for Android
- Microsoft System Center Operations Manager (SCOM) 2019
- Microsoft System Center Operations Manager (SCOM) 2022
- Microsoft Windows Defender Antimalware Platform
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation)
- Microsoft Windows 10 Version 1607 for 32-bit Systems 1607
- Microsoft Windows 10 Version 1607 for x64-based Systems 1607
- Microsoft Windows 10 Version 1809 for 32-bit Systems 1809
- Microsoft Windows 10 Version 1809 for ARM64-based Systems 1809
- Microsoft Windows 10 Version 1809 for x64-based Systems 1809
- Microsoft Windows 10 Version 21H2 for 32-bit Systems 21H2
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems 21H2
- Microsoft Windows 10 Version 21H2 for x64-based Systems 21H2
- Microsoft Windows 10 Version 22H2 for 32-bit Systems 22H2
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems 22H2
- Microsoft Windows 10 Version 22H2 for x64-based Systems 22H2
- Microsoft Windows 11 version 21H2 for ARM64-based Systems
- Microsoft Windows 11 version 21H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems 22H2
- Microsoft Windows 11 Version 22H2 for x64-based Systems 22H2
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems 23H2
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows 11 Version 23H2 for x64-based Systems 23H2
- Microsoft Dynamics 365 (on-premises) version 9.1
- Microsoft Exchange Server 2016 Cumulative Update 23
- Microsoft Exchange Server 2019 Cumulative Update 13
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Open Management Infrastructure
- Microsoft Authenticator
- Microsoft Outlook for Android
- Microsoft Azure SDK
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.