Network newsFour serious Microsoft vulnerabilities in hackers' sights: CISA alarm

Four serious Microsoft vulnerabilities in hackers’ sights: CISA alarm

Type of event:
Cybersecurity

Victims

Wounded

Date

September 11, 2024

What happened


In the US, the Cybersecurity and Infrastructure Security Agency (CISA) has reported four serious vulnerabilities in Microsoft products, already exploited by hackers, that federal agencies must resolve by the end of this month. These bugs (CVE-2024-38226, CVE-2024-43491, CVE-2024-38014, and CVE-2024-38217) are among the 79 vulnerabilities listed in the monthly Microsoft security bulletin. Randy Watkins, CTO of Critical Start, stressed the need for timely patching, especially in health, finance, and public administration, to avoid data theft or operational disruptions. Among the bugs, CVE-2024-43491 is the most critical, but it only affects a specific version of Windows 10. Other bugs, such as CVE-2024-38014, could be exploited to increase access privileges, putting thousands of devices at risk.

Where it happened

Main sources