APT32 SeaLotus aka OceanLotus Group – Active IOCs

November 15, 2024

CISA Warns of Two Palo Alto Flaws Being Actively Exploited

November 15, 2024

Multiple Microsoft Office Vulnerabilities

November 15, 2024

Severity

High

Analysis Summary

CVE-2024-49031 CVSS:7.8

Microsoft Office Graphics could allow a remote attacker to execute arbitrary code on the system, caused by a buffer over read error. By persuading a victim to open a specially crafted Word file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-49032 CVSS:7.8

Microsoft Office Graphics could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially crafted Word file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43616 CVSS:7.8

Microsoft Office could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43576 CVSS:7.8

Microsoft Office could allow a local authenticated attacker to execute arbitrary code on the system. By executing a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-43505 CVSS:7.8

Microsoft Office Visio could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38016 CVSS:7.8

Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution

Indicators of Compromise

CVE

CVE-2024-49031
CVE-2024-49032
CVE-2024-43616
CVE-2024-43576
CVE-2024-43505
CVE-2024-38016

Affected Vendors

Microsoft

Affected Products

Microsoft 365 Apps for Enterprise - 16.0.1
Microsoft Office 2019 - 19.0.0
Microsoft Office LTSC 2021 - 16.0.1
Microsoft Microsoft 365 Apps for Enterprise - 16.0.1
Microsoft Microsoft Office 2019 - 19.0.0
Microsoft Office LTSC for Mac 2021 - 16.0.1
Microsoft Microsoft Office LTSC 2021 - 16.0.1
Microsoft Microsoft Office LTSC 2024 - 1.0.0
Microsoft Office LTSC for Mac 2024 - 1.0.0
Microsoft Office LTSC 2024 - 1.0.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Akira Ransomware – Active IOCs

Fake Chrome Extensions Used for Credential Theft and Ad Injection – Active IOCs

Saudi Organization Targeted in China-Linked Cyber Espionage Campaign – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

APT32 SeaLotus aka OceanLotus Group – Active IOCs

CISA Warns of Two Palo Alto Flaws Being Actively Exploited

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.