Microsoft released updates addressing over 50 security vulnerabilities in Windows and related software this past Tuesday. This month’s Patch Tuesday is relatively light for Windows users. Additionally, Microsoft has responded to widespread criticism of a new feature in Windows that takes constant screenshots of user activity, announcing it will no longer be enabled by default.
‘Recall’ Feature Changed to be Disabled by Default
Last month, Microsoft introduced Copilot+ PCs, an AI-enhanced version of Windows. A controversial feature of Copilot+ called Recall continuously takes screenshots of user activity. Security experts criticized Recall as a sophisticated keylogger, warning that it could be a treasure trove for attackers if the user’s PC is compromised with malware.
Microsoft assured users that Recall snapshots never leave the system and cannot be exfiltrated by attackers. However, former Microsoft threat analyst Kevin Beaumont revealed that any user, even a non-administrator, can export Recall data stored in a local SQLite database. Beaumont criticized the feature on Mastodon, calling it “the dumbest cybersecurity move in a decade.”
Patrick Gray, host of the Risky Business podcast, noted that Recall’s indexed screenshots would greatly aid attackers in understanding and exploiting unfamiliar environments. He likened it to the screen recordings used in past SWIFT attacks against central banks. Following the backlash, Microsoft announced that Recall will no longer be enabled by default on Copilot+ PCs.
Critical Vulnerabilities Addressed
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080)
Among the patches released this week, only CVE-2024-30080 received Microsoft’s critical rating. This vulnerability in the Microsoft Message Queuing (MSMQ) service allows attackers to remotely control a user’s system without interaction. With a CVSS score of 9.8, Microsoft urges users to disable MSMQ if updates are not immediately possible. Kevin Breen, senior director of threat research at Immersive Labs, noted that MSMQ is not a default Windows service but emphasized the need to patch quickly, as thousands of internet-facing MSMQ servers could be vulnerable. The vulnerability allows an attacker to send a series of specially crafted MSMQ packets over HTTP to an MSMQ server, potentially resulting in remote code execution. Microsoft acknowledges the efforts of k0shl with Kunlun Lab in discovering this flaw.
Windows Wi-Fi Driver Remote Code Execution Vulnerability (CVE-2024-30078)
Another critical vulnerability, CVE-2024-30078, is a remote code execution flaw in the Windows WiFi Driver, also with a CVSS score of 9.8. This bug can be exploited by sending a malicious data packet to others on the same network, assuming the attacker has local network access. To exploit this vulnerability, an attacker must be within proximity to send and receive radio transmissions. Microsoft credits Wei in Kunlun Lab with Cyber KunLun for identifying this issue.
Office Vulnerabilities
Microsoft also addressed serious security issues in its Office applications, including two remote-code execution flaws. CVE-2024-30101, which affects Outlook, requires the user to open a malicious email and perform specific actions. The attack involves a race condition and the Preview Pane is an attack vector, though additional user interaction is required. CVE-2024-30104, another Office vulnerability, requires the user to open a malicious file, but the Preview Pane is not an attack vector in this case.
Additional Updates from Adobe
Additionally, Adobe released security updates for Acrobat, ColdFusion, Photoshop, and other products. For detailed information on the patches, including severity and exploitability, visit the SANS Internet Storm Center. Windows administrators should also monitor AskWoody.com for early reports on potential issues with Windows patches.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
