【Vulnerability Alert】 High-Risk Vulnerability in Microsoft Windows MSHTML Platform (CVE-2024-30040)

【Vulnerability Alert】 High-Risk Vulnerability in Microsoft Windows MSHTML Platform (CVE-2024-30040) - Immediate Patch Required!

publish date : 2024-05-23 update date : 2024-05-23

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2024052201055353	Publication Time	2024/05/22 13:47
Incident Type	ANA-Vulnerability Alert	Discovery Time	2024/05/22 13:47
Impact Level	Medium
[Subject] 【Vulnerability Alert】 High-Risk Vulnerability in Microsoft Windows MSHTML Platform (CVE-2024-30040) - Immediate Patch Required!
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202405-00000136 Researchers have identified a Security Feature Bypass vulnerability (CVE-2024-30040) in the Microsoft Windows MSHTML platform. Remote attackers can exploit this vulnerability by tricking users into downloading and opening malicious files, thereby bypassing the Object Linking and Embedding (OLE) protection mechanisms in Microsoft 365 and Office. This allows the execution of arbitrary code remotely. This vulnerability has already been exploited by hackers, so please verify and apply the necessary patches immediately. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] ● Windows 10 for 32-bit Systems ● Windows 10 for x64-based Systems ● Windows 10 Version 1607 for 32-bit Systems ● Windows 10 Version 1607 for x64-based Systems ● Windows 10 Version 1809 for 32-bit Systems ● Windows 10 Version 1809 for ARM64-based Systems ● Windows 10 Version 1809 for x64-based Systems ● Windows 10 Version 21H2 for 32-bit Systems ● Windows 10 Version 21H2 for ARM64-based Systems ● Windows 10 Version 21H2 for x64-based Systems ● Windows 10 Version 22H2 for 32-bit Systems ● Windows 10 Version 22H2 for ARM64-based Systems ● Windows 10 Version 22H2 for x64-based Systems ● Windows 11 version 21H2 for ARM64-based Systems ● Windows 11 version 21H2 for ARM64-based Systems ● Windows 11 version 21H2 for x64-based Systems ● Windows 11 Version 22H2 for ARM64-based Systems ● Windows 11 Version 22H2 for x64-based Systems ● Windows 11 Version 23H2 for ARM64-based Systems ● Windows 11 Version 23H2 for x64-based Systems ● Windows Server 2016 ● Windows Server 2016 (Server Core installation) ● Windows Server 2019 ● Windows Server 2019 (Server Core installation) ● Windows Server 2022 ● Windows Server 2022 (Server Core installation) ● Windows Server 2022, 23H2 Edition (Server Core installation)
[Recommended Actions] The official fix for the vulnerability has been released. Please refer to the official instructions to update. The link is as follows: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2024-30040 2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040 3. https://www.ithome.com.tw/news/162875

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center