The Department of Information Security (Ministry of Information and Communications) has issued a warning regarding 6 new vulnerabilities in Microsoft products. Among these vulnerabilities, up to 5 can be exploited by hackers to execute remote code. The vulnerabilities that have been identified are CVE-2024-21408 in Windows Hyper-V, CVE-2024-26198 in Microsoft Exchange Server, CVE-2024-21407 in Windows Hyper-V, CVE-2024-21334 in Open Management Infrastructure (OMI), CVE-2024-21426 in Microsoft SharePoint, and CVE-2024-21411 in Skype for Consumer.
To ensure the security of information systems, the Department of Information Security has recommended that agencies, organizations, and businesses using the Windows operating system identify and review their systems for potential vulnerabilities. If affected, prompt patch updates are necessary to avoid the risk of cyber attacks by hackers. The department also recommends strengthening monitoring and preparing solutions in case of detecting signs of cyber exploitation or attack. Regular monitoring of warning channels of functional agencies and large information security organizations can help detect cyber attack risks on time.
The Department of Information Security has issued a warning about the importance of updating and handling vulnerabilities and weaknesses to prevent potential cyber-attacks. Failure to do so can lead to system hijacking and heavy losses in reputation and property. Experts have also predicted that one of the main cyber attack trends in 2024 will be exploiting information security vulnerabilities, particularly high-impact and serious ones in popular technology products, which can easily penetrate systems and steal an organization’s information and assets. Attack groups have already exploited several vulnerabilities to carry out targeted attacks, known as APTs. The department has issued instructions to ministries, branches, and localities on how to address these dangerous information security vulnerabilities, but unfortunately, many units have yet to review and handle them.
