An Emerging Ducktail Infostealer – Active IOCs
June 20, 2024Multiple Adobe Experience Manager Vulnerabilities
June 20, 2024An Emerging Ducktail Infostealer – Active IOCs
June 20, 2024Multiple Adobe Experience Manager Vulnerabilities
June 20, 2024Severity
Medium
Analysis Summary
CVE-2024-30058 CVSS:5.4
Microsoft Edge (Chromium-based) could allow a remote attacker to conduct a spoofing attack. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2024-38083 CVSS:4.3
Microsoft Edge (Chromium-based) could allow a remote attacker to conduct a spoofing attack. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2024-30057 CVSS:5.4
Microsoft Edge for iOS could allow a remote attacker to conduct a spoofing attack. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2024-35253 CVSS:4.4
Microsoft Azure could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in File Sync. By using a specially crafted application, an attacker could exploit this vulnerability to perform specific operations on the endpoint targeted by the attacker.
CVE-2024-35263 CVSS:5.7
Microsoft Dynamics 365 (On-Premises) could allow a remote authenticated attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Gain Access
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-30058
- CVE-2024-38083
- CVE-2024-30057
- CVE-2024-35253
- CVE-2024-35263
Affected Vendors
Affected Products
- Microsoft Edge (Chromium-based)
- Microsoft Dynamics 365 (on-premises) 9.1
- Microsoft Edge for iOS 1.0.0.0
- Microsoft Azure File Sync 16.0.0
- Microsoft Azure File Sync 1.0.0
- Microsoft Azure File Sync 17.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.