UAE issues high-risk cyber alert, urges residents to update Microsoft

UAE Microsoft security updates

The UAE has issued a high-risk cyber alert, urging residents to update their Microsoft software promptly. This comes as the technology giant released security updates to address 61 vulnerabilities, including two critical ones. The UAE Cyber Security Council emphasized the importance of implementing these updates to mitigate the risk of breaches or leaks of personal information and data.

The release of Microsoft's security updates coincides with the unveiling of the UAE's Cybersecurity Report 2024, a collaborative effort between the UAE Cyber Security Council and CPX Holding. The report paints a concerning picture, revealing that the UAE currently harbors 155,000 vulnerable cyber assets, with 40 percent of them being over five years old. This revelation underscores the urgent need for advanced cybersecurity measures, particularly in light of escalating cyber threats, such as sophisticated ransomware attacks.

The vulnerabilities addressed by Microsoft's updates include:

1. CVE-2024-21334: A remote code execution vulnerability affecting the Open Management Infrastructure (OMI) system. With a CVSSv3 score of 9.8, this vulnerability could allow a remote unauthenticated attacker to access the OMI instance from the Internet and trigger a use-after-free vulnerability by sending specially crafted requests.

2. CVE-2024-21400: A privilege escalation vulnerability impacting Microsoft Azure Kubernetes Service Confidential Container (AKSCC). Rated at 9.0 on the CVSSv3 scale, this vulnerability could enable an attacker to steal credentials and affect resources beyond the security scope managed by AKSCC.

3. CVE-2024-21407: A remote code execution vulnerability affecting Windows Hyper-V. With a CVSSv3 score of 8.1, this vulnerability could allow an authenticated attacker on a guest VM to execute remote code by sending specially crafted file operation requests to hardware resources on the VM.

4. CVE-2024-21426: A remote code execution vulnerability affecting Microsoft SharePoint. Rated at 7.8 on the CVSSv3 scale, this vulnerability could enable an attacker to perform a remote attack, gaining access to victim information and the ability to alter data by convincing a user to open a malicious file.

Affected individuals are strongly encouraged to review Microsoft's March 2024 Security Update Summary and apply the relevant updates as soon as possible. By doing so, they can protect themselves against potential cyber threats and ensure the security of their digital assets.

In conclusion, the UAE's proactive approach to cybersecurity underscores its commitment to safeguarding its residents and digital infrastructure. By staying vigilant and taking prompt action to address vulnerabilities, individuals and organizations can mitigate the risk of cyber attacks and contribute to a safer online environment for all.