Severity
High
Analysis Summary
CVE-2024-35263 CVSS:5.7
Microsoft Dynamics 365 (On-Premises) could allow a remote authenticated attacker to obtain sensitive information. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-37325 CVSS:8.1
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in Azure Science Virtual Machine (DSVM). By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-35254 CVSS:7.1
Microsoft Azure could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Monitor Agent. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-29060 CVSS:6.7
Microsoft Visual Studio could allow a remote authenticated attacker to gain elevated privileges on the system. By persuading a victim to open specially crafted content, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-30103 CVSS:8.8
Microsoft Outlook could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30100 CVSS:7.8
Microsoft SharePoint Server could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-35249 CVSS:8.8
Microsoft Dynamics Business Central could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-35255 CVSS:5.5
Microsoft Azure Identity Libraries and Microsoft Authentication Library could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to elevate privileges and read any file on the file system with SYSTEM access permissions.
CVE-2024-30104 CVSS:7.8
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-35248 CVSS:7.3
Microsoft Dynamics Business Central could allow a remote attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-30101 CVSS:7.5
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-35252 CVSS:7.5
Azure Storage Library is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-30102 CVSS:7.3
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-30052 CVSS:4.7
Visual Studio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-35263
- CVE-2024-37325
- CVE-2024-35254
- CVE-2024-29060
- CVE-2024-30103
- CVE-2024-30100
- CVE-2024-35249
- CVE-2024-35255
- CVE-2024-30104
- CVE-2024-35248
- CVE-2024-30101
- CVE-2024-35252
- CVE-2024-30102
- CVE-2024-30052
Affected Vendors
Affected Products
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft Dynamics 365 (on-premises) 9.1
- Microsoft Azure
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Visual Studio 2022 version 17.9
- Microsoft Visual Studio 2022 version 17.8
- Microsoft Visual Studio 2022 version 17.6
- Microsoft Visual Studio 2022 version 17.4
- Microsoft Azure Monitor 1.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.