

Severity
High
Analysis Summary
CVE-2024-21384 CVSS:7.8
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user-supplied input by OneNote. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21395 CVSS:8.2
Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web server. By persuading a victim to open a specially crafted URL, a remote attacker could exploit this vulnerability to execute script in a victim’s Web browser once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-21345 CVSS:8.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a container escape flaw in the Windows kernel. By executing a specially crafted application, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-21347 CVSS:7.5
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ODBC Driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21397 CVSS:5.3
Microsoft Azure could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Azure File Sync. An attacker could exploit this vulnerability to create new files in directories where Azure File Sync is configured, which could include SYSTEM directories.
CVE-2024-21403 CVSS:8.5
Microsoft Azure could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in Azure Kubernetes Service Confidential Containers. By leveraging an untrusted AKS Kubernetes node and an AKS Confidential Container, an attacker could exploit this vulnerability to take over confidential guests and containers beyond the network stack they might be bound to, allowing the attacker to move the workload onto an attacker-controlled machine.
CVE-2024-21374 CVSS:5
Microsoft Teams for Android could allow a local authenticated attacker to obtain sensitive information. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2024-21391 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in WDAC OLE DB provider for SQL Server. By persuading a victim to connect to a malicious SQL database using their SQL client application, an attacker could exploit this vulnerability to execute arbitrary code within the context of the user’s SQL client application.
CVE-2024-21364 CVSS:9.3
Microsoft Azure could allow a local attacker to gain elevated privileges on the system, caused by a flaw in Site Recovery. An attacker could exploit this vulnerability to execute arbitrary code with ISUR privileges, and discover the MySQL root password, which could result in the discovery of other stored encrypted credentials.
CVE-2024-21389 CVSS:7.6
Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-21358 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WDAC OLE DB provider for SQL Server component. By persuading a victim to connect to a malicious SQL database, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Cross-Site Scripting
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-21384
- CVE-2024-21395
- CVE-2024-21345
- CVE-2024-21347
- CVE-2024-21397
- CVE-2024-21403
- CVE-2024-21374
- CVE-2024-21391
- CVE-2024-21364
- CVE-2024-21389
- CVE-2024-21358
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 x64
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
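A coarse triage check for the Windows products listed above, added here as an example and not part of the Rewterz alert: it reports whether the local host matches one of the listed affected products and whether any update has been recorded since the February 2024 Patch Tuesday. The release date (2024-02-13) and the product-name matching are assumptions; the alert gives no KB numbers, so a result of "no update since Patch Tuesday" is a prompt to check the Security Update Guide, not proof that a specific CVE is unpatched.

```powershell
# Added example (not from the alert): flag hosts that match the alert's affected-product
# list and show no installed update since the assumed February 2024 Patch Tuesday date.
# Only the Windows products in the alert are covered; Office, Dynamics 365 and Azure
# components need their own checks.

$affected = @(
    'Windows Server 2016',
    'Windows Server 2019',
    'Windows 10'            # the alert lists x64 and 1809 (32-bit / x64) builds
)
$patchTuesday = Get-Date '2024-02-13'   # assumed release date of the fixes

$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$product = $cv.ProductName
# DisplayVersion exists from 20H2 onward; older builds such as 1809 expose ReleaseId.
$release = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
$build   = "$($cv.CurrentBuild).$($cv.UBR)"

$isAffected = $affected | Where-Object { $product -like "$_*" } | Select-Object -First 1

# Get-HotFix only sees updates recorded in the CBS store, and InstalledOn can be empty;
# treat a missing date as unknown rather than as patched.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending

$verdict = if ($isAffected -and -not $recent) {
    'REVIEW: listed product with no update recorded since Patch Tuesday'
} elseif ($isAffected) {
    'Listed product; confirm the February cumulative update in the Security Update Guide'
} else {
    'Not in the alert''s affected-product list'
}

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    Product          = $product
    Release          = $release
    Build            = $build
    ListedAsAffected = [bool]$isAffected
    UpdatesSincePT   = ($recent | Measure-Object).Count
    LatestUpdate     = if ($recent) { "$($recent[0].HotFixID) on $($recent[0].InstalledOn.ToShortDateString())" } else { 'none' }
    Verdict          = $verdict
}
```

Run it under an account that can read the CBS store (administrator on most servers); the object it emits can be collected from many hosts with Invoke-Command and exported to CSV for the patching review.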