This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals. Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Threat Intelligence Microsoft is aware of CVE-2024-30040 and CVE-2024-30051 being exploited in the wild, as well as functional exploit code being available for CVE-2024-30050.

Systems Affected
NET and Visual Studio
Azure Migrate
Microsoft Bing
Microsoft Brokering File System
Microsoft Dynamics 365 Customer Insights
Microsoft Edge (Chromium-based)

Microsoft Intune
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows SCSI Class System File
Microsoft Windows Search Component
Power BI
Visual Studio
Windows Cloud Files Mini Filter Driver
Windows CNG Key Isolation Service
Windows Common Log File System Driver
Windows Cryptographic Services
Windows Deployment Services
Windows DHCP Server
Windows DWM Core Library
Windows Hyper-V
Windows Kernel
Windows Mark of the Web (MOTW)
Windows Mobile Broadband
Windows MSHTML Platform
Windows NTFS
Windows Remote Access Connection Manager
Windows Routing and Remote Access Service (RRAS)
Windows Task Scheduler
Windows Win32K – GRFX
Windows Win32K – ICOMP
.NET and Visual Studio
Azure Migrate
Microsoft Bing
Microsoft Brokering File System

Risk
Government:
– Large and medium government entities: High
– Small government entities: Medium
Businesses:
– Large and medium business entities: High
– Small business entities: Medium
Home Users: Low

Technical Summary
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which
could allow for remote code execution. A full list of all vulnerabilities can be found here.

Recommendations

• Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
• Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
• Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources.
• Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.

The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report. For any further questions, please contact us here at Cyber Command.