4 new security vulnerabilities can be exploited to attack Vietnamese systems

To ensure information security for the unit's information system, contributing to ensuring the safety of Vietnam's cyberspace, the Department of Information Security (Ministry of Information and Communications) has just recommended that agencies, units, and enterprises conduct inspections and reviews to determine computers using the Windows operating system that are likely to be affected by high-level and serious security vulnerabilities that have just been patched by Microsoft.

Specifically, from 49 information security vulnerabilities in Microsoft products that were patched by this global technology company in the January 2024 update, the Department of Information Security recommends that agencies, organizations, and businesses in Vietnam pay attention to 4 vulnerabilities with high and serious impacts.

In particular, the information security vulnerability CVE-2024-20674 exists in Windows Kerberos (a cryptographic protocol used for authentication in computer networks operating on insecure transmission lines - PV) with a CVSS score of 9.0, is assessed to have a serious impact level, allowing attackers to bypass the protection mechanism to perform spoofing attacks.

Three other security vulnerabilities, CVE-2024-21318 in Microsoft SharePoint Server, CVE-2024-20677 in Microsoft Office, and CVE-2024-20700 in Windows Hyper-V, all allow attackers to execute code remotely.

Experts from the Department of Information Security recommend that units using the Windows operating system need to update the patches for the above information security vulnerabilities in a timely manner to avoid the risk of cyber attacks. "The best solution is to update the patches for information security vulnerabilities according to the manufacturer's instructions," the Department of Information Security emphasized.

In addition, IT and information security units of ministries, branches and localities; state-owned corporations and groups; banks and financial institutions also need to strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks; and regularly monitor the warning channels of authorities and large information security organizations to promptly detect cyber attack risks.

In case of necessity, agencies, organizations and enterprises can contact the support contact of the Department of Information Security, the National Cyber ​​Security Monitoring Center - NCSC, at phone number 02432091616 or email ncsc@ais.gov.vn

According to experts, recently, attack groups have been actively scanning and exploiting popular products in the network environment of agencies, organizations and businesses to create an initial springboard to penetrate the system and from there carry out subsequent malicious acts. Therefore, agencies, organizations and businesses need to pay attention to updating patches for security vulnerabilities and overcoming potential risks that cause information insecurity for the system.