The Download
Microsoft released a bevy of vulnerabilities last Patch Tuesday, some of which are zero-days already being exploited in the wild. Topping the list is a zero day In Windows Desktop Windows Manager (CVE-2024-30051) with severity rating 7.8/10. Ransomware Qakbot is believed to be actively exploiting CVE-2024-30051. But wait, there's more.
Microsoft also announced CVE-2024-30040, a platform vulnerability which allows bypassing security features in Microsoft 365 and Office. Microsoft acknowledged CVE-2024-30040, which has severity of 8.8/10 is being actively exploited. One more for good measure, Microsoft announced CVE-2024-30044, a remote code execution vulnerability in Sharepoint, allowing unauthorized users to remotely control Microsoft Sharepoint server.
What You Can Do
It can be overwhelming responding to the number of vulnerabilities released on Patch Tuesday. These three represent critical threats against Windows systems, and Microsoft Sharepoint. We suggest threat-based continuous exposure management for your networks to identify vulnerabilities before bad guys exploit them.
To Learn More: