RomCom Strikes Again: Zero-Day Exploits in Firefox and Windows Uncovered – Active IOCs
November 26, 2024Multiple QNAP Products Vulnerabilities
November 26, 2024RomCom Strikes Again: Zero-Day Exploits in Firefox and Windows Uncovered – Active IOCs
November 26, 2024Multiple QNAP Products Vulnerabilities
November 26, 2024Severity
High
Analysis Summary
CVE-2024-43452 CVSS:7.5
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Registry component. By connecting to a specially crafted remote share, an attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-43450 CVSS:7.5
Microsoft Windows could allow a remote attacker to conduct DNS spoofing attacks on the system.
CVE-2024-43447 CVSS:8.1
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a double-free in the SMBv3 Server component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-43644 CVSS:7.8
Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the Client-Side Caching. By executing a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2024-43630 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-43627 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow in the Telephony Server component. By persuading a victim to connect to a specially crafted server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-43626 CVSS:8.8
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow in the Telephony Server component. By persuading a victim to connect to a specially crafted server, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-43625 CVSS:8.1
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the VMSwitch component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
CVE-2024-43623 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NT OS Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.
Impact
- Privilege Escalation
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-43452
- CVE-2024-43450
- CVE-2024-43447
- CVE-2024-43644
- CVE-2024-43630
- CVE-2024-43627
- CVE-2024-43626
- CVE-2024-43625
- CVE-2024-43623
Affected Vendors
Affected Products
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows 11 version 22H2 - 10.0.0
- Microsoft Windows 11 version 22H3 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Windows Server 2022 - 10.0.0
- Microsoft Windows Server 2025 - 10.0.0 - 10.0.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.0 - 10.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.