Recently, Microsoft released a list of September patches with 79 information security vulnerabilities in its products.

From the information recorded about security vulnerabilities in Microsoft products, the National Cyber ​​Security Monitoring Center has pointed out 13 security vulnerabilities with high and serious impact.

Of these, 8 vulnerabilities allow attackers to execute remote code, including: CVE-2024-43491 in Microsoft Windows Update; 4 vulnerabilities CVE-2024-38018, CVE-2024-38227, CVE-2024-38228, CVE-2024-43464 in Microsoft SharePoint Server; 2 vulnerabilities CVE-2024-21416 and CVE-2024-38045 in Windows TCP/IP and CVE-2024-43463 in Microsoft Office Vision.

In addition, units need to pay attention to 5 vulnerabilities with serious impact: CVE-2024-43461 in Windows MSHTML Platform allows for spoofing attacks; CVE-2024-38014 in Windows Installer allows for attacks to escalate privileges; 2 vulnerabilities CVE-2024-38217, CVE-2024-43487 in Windows Mark of the Web and CVE -2024-38226 in Microsoft Publisher allow attackers to bypass protection mechanisms.

In particular, units in Vietnam need to note that 5 vulnerabilities are being exploited in practice, including: CVE-2024-43491 in Microsoft Windows Update; CVE-2024-38014 in Windows Installer; CVE-2024-43463 in Microsoft Office Vision; CVE-2024-38226 in Microsoft Publisher and 2 vulnerabilities CVE-2024-38217, CVE-2024-43487 in Windows Mark of the Web.

The above vulnerabilities can be exploited by attackers to perform illegal acts, causing information insecurity and affecting the information systems of agencies and organizations.

Therefore, units still need to research vulnerabilities, review and handle network security issues in the system.

In addition, units need to regularly monitor warnings from authorities on information security to promptly detect risks of cyber attacks.