UAE Issues High-Risk Cyber Alert, Urges Residents to Update Microsoft

In a bid to bolster cybersecurity measures, the United Arab Emirates (UAE) Cyber Security Council has issued a high-risk cyber alert, urging residents to promptly update their Microsoft systems. The alert comes in response to the release of security updates by Microsoft, aimed at addressing 61 vulnerabilities, including two critical ones. Failure to implement these updates could potentially expose systems to exploitation by cyber threat actors, posing risks to personal data and sensitive information.

The UAE Cyber Security Council emphasized the importance of swiftly implementing the Microsoft updates to mitigate the possibility of breaches or leaks of crucial data. This proactive measure seeks to safeguard individuals, businesses, and government entities from falling victim to cyber threats, which have become increasingly sophisticated and prevalent.

According to the UAE’s Cybersecurity Report 2024, jointly issued by the UAE Cyber Security Council and CPX Holding, the nation currently harbors approximately 155,000 vulnerable cyber assets, with 40 percent of them aged over five years. This revelation underscores the pressing need for enhanced cybersecurity measures to combat the evolving landscape of cyber threats, including ransomware attacks and other malicious activities.

The Microsoft security updates target various vulnerabilities, each posing a distinct risk to system integrity and data security. Among these vulnerabilities are:

1. CVE-2024-21334: A remote code execution vulnerability affecting Open Management Infrastructure (OMI), with a CVSSv3 score of 9.8. This vulnerability could potentially allow a remote unauthenticated attacker to access the OMI instance and trigger a use-after-free vulnerability.
2. CVE-2024-21400: A privilege escalation vulnerability impacting Microsoft Azure Kubernetes Service Confidential Container, with a CVSSv3 score of 9.0. This vulnerability could enable an attacker to steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).
3. CVE-2024-21407: A remote code execution vulnerability affecting Windows Hyper-V, with a CVSSv3 score of 8.1. This vulnerability could permit an authenticated attacker on a guest VM to execute malicious code on the host server by sending specially crafted file operation requests.
4. CVE-2024-21426: A remote code execution vulnerability affecting Microsoft SharePoint, with a CVSSv3 score of 7.8. This vulnerability could facilitate a remote attack, granting an attacker access to the victim’s information and the ability to manipulate data by convincing a user to open a malicious file.

Individuals and organizations affected by these vulnerabilities are strongly advised to review Microsoft’s March 2024 Security Update Summary and apply the relevant updates promptly. By taking proactive measures to address these vulnerabilities, individuals can mitigate the risk of falling victim to cyber attacks and protect their data from unauthorized access or exploitation.

In light of the evolving threat landscape, cybersecurity remains a top priority for governments, businesses, and individuals alike. The UAE’s proactive approach to addressing cybersecurity risks underscores its commitment to ensuring the safety and security of its digital infrastructure and citizens in an increasingly interconnected world.