.jpg "Real estate market in the south of Hai Duong city is bustling")
.jpg "Extremely dangerous forest fire risk in Kinh Mon, Chi Linh")
-ac017d3d3ce25d3405471795d6bb26f0.jpg "Gia Loc needs over 10 billion VND to invest in renovating and expanding landfills.")
Submit a comment
Of the 10 high-level and serious security vulnerabilities in Microsoft products that have just been warned by the Department of Information Security (Ministry of Information and Communications) to units in Vietnam, 3 vulnerabilities are being exploited in reality.
.png)
The Department of Information Security (Ministry of Information and Communications) has just sent a warning to specialized IT and information security units of ministries, branches, and localities; state-owned corporations and groups, banks, and financial institutions.
Microsoft recently released a list of November patches with 63 information security vulnerabilities in its products.
Through analysis and evaluation, the Department of Information Security recommends that state agencies, organizations, and enterprises pay special attention to 10 high-level and serious network information security vulnerabilities that have just been patched by Microsoft.
Specifically, the 3 vulnerabilities currently being exploited in practice, noted by the Department of Information Security, include: CVE-2023-36033 in Windows Desktop Manager, CVE-2023-36036 in Windows Cloud Files Mini Filter Driver and CVE-2023-36025.
In which, the vulnerability CVE-2023-36025 allows attackers to bypass Windows' SmartScreen security feature, and two vulnerabilities: CVE-2023-36033 and CVE-2023-36036 both allow attackers to escalate privileges.
Three vulnerabilities CVE-2023-36439 in Microsoft Exchange Server, CVE-2023-36041 in Microsoft Excel, and CVE-2023-38177 in Microsoft SharePoint Server allow attackers to execute remote code.
Meanwhile, the CVE-2023-36397 vulnerability in Windows Pragmatic General Multicast allows an unauthenticated attacker to execute code remotely.
Three other security vulnerabilities were also warned by the Information Security Department this time, namely: CVE-2023-36400 vulnerability in Windows HMAC Key Derivation allows attackers to escalate privileges; CVE-2023-36038 vulnerability in ASP.NET Core allows attackers to perform denial of service (DoS) attacks; and CVE-2023-36413 vulnerability allows attackers to bypass Microsoft Office security features.
The Department of Information Security recommends that, in order to ensure information security for the information systems of agencies, organizations, and enterprises as well as contribute to ensuring the safety of Vietnam's cyberspace, units need to check, review, and identify computers using the Windows operating system that are likely to be affected by the above information security vulnerabilities.
In case of impact, units must update the patch promptly to avoid the risk of being attacked.
In addition, state agencies, organizations and enterprises are also requested to strengthen monitoring and prepare response plans when detecting signs of cyber exploitation and attacks; at the same time, regularly monitor warning channels of competent authorities and large organizations on information security to promptly detect cyber attack risks.
Security vulnerabilities are always identified by experts as one of the leading causes of cyber attacks targeting agencies, organizations and businesses.
In a recent shared information, through data from the Viettel Threat Intelligence system, experts from Viettel Cyber Security Company said that the vulnerabilities actually used by attack groups in the third quarter of 2023 were all vulnerabilities on popular products and were also vulnerabilities that allowed attackers to execute code remotely after exploitation without authentication.
Attack groups exploit these vulnerabilities as an initial springboard to access the system, from which to execute further malicious actions.
Notably, in the October technical report on the situation of Vietnam's network information security, the Vietnam Cyber Security Monitoring Center - NCSC under the Department of Information Security said that last month, the Center's technical system recorded 59,935 weaknesses and information security vulnerabilities in the information systems of state agencies and organizations.
In particular, there are a number of vulnerabilities that have been exploited by attack groups to carry out targeted APT attacks.
Recognizing that the number of weaknesses and vulnerabilities is very large, the Department of Information Security has directed NCSC to assess and identify dangerous vulnerabilities with widespread impacts and guide ministries and branches to overcome them.
To ensure system security, the Department of Information Security pointed out that units need to urgently review, identify and patch system errors, especially high-level and serious security vulnerabilities.
According to Vietnamnet