Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-38218 CVSS:8.4

Microsoft Edge (HTML-based) could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38200 CVSS:7.5

Microsoft Office could allow a remote attacker to conduct spoofing attacks.

CVE-2024-38219 CVSS:6.5

Microsoft Edge (Chromium-based) could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution

Indicators of Compromise

CVE

CVE-2024-38218
CVE-2024-38200
CVE-2024-38219

Affected Vendors

Microsoft

Affected Products

Microsoft Office 2019
Microsoft Edge (Chromium-based) 127.0.2651.98
Microsoft 365 Apps for Enterprise
Microsoft Office LTSC 2021

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2024-38218

CVE-2024-38200

CVE-2024-38219

Malicious PyPI Library Solana Steals Blockchain Wallet Keys from Users

EastWind Campaign Uses Malicious LNK Files to Install PlugY and GrewApacha Backdoors – Active IOCs

Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan