The zero-day vulnerabilities CVE-2024-38080 and CVE-2024-38112 are currently being exploited in the wild. CVE-2024-38080 is an integer overflow bug affecting Hyper-V, Windows’ hypervisor for virtual machines. This flaw could allow attackers with initial local access to gain SYSTEM privileges on the host machine, making it critical to apply updates promptly.
Dustin Childs from Trend Micro’s Zero Day Initiative emphasizes the urgency of deploying the update for Hyper-V systems. Although Microsoft has not specified the extent of exploitation, Childs warns that such a vulnerability could be highly beneficial for ransomware attacks if an authorized user is on a guest OS.
CVE-2024-38112 is a spoofing vulnerability in the Windows MSHTML Platform, which can be triggered by a specially crafted HTML file. This flaw exists in the MSHTML (Trident) rendering engine used by Internet Explorer and other applications, and it results from inadequate resource access validation.
Mike Walters from Action1 highlights that the vulnerability can deceive users into thinking malicious content comes from a trusted source. Attackers could exploit this by using phishing tactics to deliver malicious attachments or links that render harmful content in a trusted context, potentially leading to credential theft or malware installation.