Weekly Security Roundup: Critical Patches & Threats
This week's top cybersecurity alerts: critical vulnerabilities in enterprise software, active ransomware campaigns, and essential security patches.
This week brought several critical security developments that demand immediate attention from IT teams. From zero-dayZero-Day🛡️A security vulnerability that is exploited or publicly disclosed before the software vendor can release a patchPatch🛡️A software update that fixes security vulnerabilities, bugs, or adds improvements to an existing program., giving developers 'zero days' to fix it. exploits to widespread ransomware campaigns, organizations face multiple fronts requiring swift action.
Critical VMware Vulnerabilities Patched
VMware released emergency patches for CVE-2024-38812 and CVE-2024-38813, addressing authentication bypassAuthentication Bypass📖A security vulnerabilityVulnerability🛡️A weakness in software, hardware, or processes that can be exploited by attackers to gain unauthorized access or cause harm. that allows an attacker to circumvent the login verification process and gain unauthorized access to a system without providing valid credentials. and privilege escalationPrivilege Escalation🛡️An attack technique where an adversary gains elevated access rights beyond what was initially granted. flaws in vCenter Server. Both vulnerabilities carry CVSS scores above 9.0, enabling attackers to gain full administrative control without credentials. The Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation in the wild.
Organizations running vCenter Server versions 7.0 and 8.0 must apply patches immediately. Threat actors are targeting exposed management interfaces, particularly in cloud environments where vCenter may be accessible from the internet.
LockBit 4.0 Ransomware Campaign Intensifies
Security researchers identified a resurgent LockBit operation deploying new variants with improved encryptionEncryption🛡️The process of converting data into a coded format that can only be read with the correct decryption key. algorithms and anti-forensic capabilities. The group is exploiting unpatched [[glossary:remote-desktop-protocol]] vulnerabilities and compromised VPN credentials to gain initial access.
Organizations should enforce [[glossary:multi-factor-authentication]], disable RDP exposure to the internet, and maintain offline backups. Network segmentation remains critical to limiting lateral movementLateral Movement🛡️Techniques attackers use to move through a network after initial compromise, seeking additional systems to control and data to steal. during active intrusions.
Microsoft Patch Tuesday Highlights
Microsoft's January Patch Tuesday addressed 87 vulnerabilities, including three zero-days. CVE-2024-20700, a Windows Hyper-V elevation of privilege flaw, and CVE-2024-20701, affecting Windows NTLM hash disclosure, require priority attention. Both are under active exploitation according to Microsoft's advisory.
Deploy these patches during your next maintenance window, prioritizing internet-facing systems and domain controllers. Test critical business applications in staging environments first to prevent operational disruptions.
Immediate Actions Required
IT teams should prioritize these tasks: verify VMware vCenter patches are deployed, audit RDP and VPN exposure, implement MFA across all remote access points, and validate backup restoration procedures. Review [[learn:incident-response-planning]] to ensure readiness for potential ransomware incidents.
Monitor your environment for unusual authentication attempts, particularly against privileged accounts. Enable enhanced logging on critical infrastructure and configure [[glossary:security-information-event-management]] alerts for suspicious lateral movement patterns.