April 16, 2024
Severity
High
Analysis Summary
CVE-2024-26193 CVSS:6.4
Microsoft Azure Migrate could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-29989 CVSS:8.4
Microsoft Azure could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Monitor Agent. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-28917 CVSS:6.2
Microsoft Azure could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in Arc-enabled Kubernetes Extension Cluster-Scope. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-29990 CVSS:9
Microsoft Azure Kubernetes Service Confidential Container could allow a remote attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-29063 CVSS:7.3
Microsoft Azure AI Search could allow a local authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2024-20685 CVSS:5.9
Microsoft Azure Private 5G Core is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-26251 CVSS:6.8
Microsoft SharePoint Server could allow a remote attacker to conduct spoofing attacks.
CVE-2024-29054 CVSS:7.2
Microsoft Defender for IoT could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-29053 CVSS:8.8
Microsoft Defender for IoT could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21324 CVSS:7.2
Microsoft Defender for IoT could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-26204 CVSS:7.5
Microsoft Outlook for Android could allow a remote attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
Impact
- Gain Access
- Privilege Escalation
- Information Disclosure
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-26193
- CVE-2024-29989
- CVE-2024-28917
- CVE-2024-29990
- CVE-2024-29063
- CVE-2024-20685
- CVE-2024-26251
- CVE-2024-29054
- CVE-2024-29053
- CVE-2024-21324
- CVE-2024-26204
Affected Vendors
- Microsoft
Affected Products
- Microsoft SharePoint Server 2016
- Microsoft Azure Migrate
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft Azure Kubernetes Service Confidential Containers
- Microsoft Azure Private 5G Core
- Microsoft Azure Monitor Agent
- Microsoft Azure Arc Cluster microsoft.azstackhci.operator Extension
- Microsoft Azure Arc Cluster microsoft.azure.hybridnetwork Extension
- Microsoft Azure Arc Cluster microsoft.azurekeyvaultsecretsprovider Extension
- Microsoft Azure Arc Cluster microsoft.iotoperations.mq Extension
- Microsoft Azure Arc Cluster microsoft.openservicemesh Extension
- Microsoft Azure Arc Cluster microsoft.videoindexer Extension
- Microsoft Defender for IoT
- Microsoft Outlook for Android
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.