Attackers Use Critical Vulnerability in Fortinet EMS to Deploy Remote Access Tools – Active IOCs
December 20, 2024
MuddyWater APT – Active IOCs
December 20, 2024
Severity
Medium
Analysis Summary
CVE-2024-49071 CVSS:6.5
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
CVE-2022-40733 CVSS:5
An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially crafted set of syscalls can lead to a reboot. An unprivileged user can run specially crafted code to trigger a denial of service.
CVE-2022-40732 CVSS:5
An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially crafted set of syscalls can lead to a reboot. An unprivileged user can run specially crafted code to trigger a denial of service.
Impact
- Information Disclosure
- Denial Of Service
Indicators of Compromise
CVE
- CVE-2024-49071
- CVE-2022-40733
- CVE-2022-40732
Affected Vendors
Affected Products
- Microsoft Defender for Endpoint for Windows - N/A
- Microsoft Windows - Build 22000.593
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.