Mia Davis
June 17, 2024

Threat Report 17.06.24

Microsoft fixes 51 vulnerabilities in monthly patch

Microsoft has released their monthly security patch addressing 51 flaws, including 18 remote code execution vulnerabilities. Of the 51 vulnerabilities, one is rated as Critical with the other 50 rated as Important. None of the vulnerabilities are known to be exploited in the wild currently.

To ensure your systems are protected, it is recommended to update all Microsoft systems and products as soon as possible. The full list of vulnerabilities can be viewed in the release notes published by Microsoft.

JetBrains IntelliJ IDE vulnerability exposes GitHub access tokens

JetBrains has warned of a critical vulnerability in their IntelliJ IDE applications that could expose GitHub access tokens, compromising repositories.

The vulnerability, tracked as CVE-2024-37051, is present in all IntelliJ-based IDEs from version 2023.1 onwards where the JetBrains GitHub plugin is in use. Access tokens could be exposed to a third-party host when an affected IDE handles a pull request containing malicious content.

To mitigate this issue, JetBrains recommends updating affected products and plugins as soon as possible. They have also recommended revoking any GitHub tokens used by the plugin if the GitHub pull request functionality was actively used in the IDE.

Phishing emails abuse Windows search protocol to push malicious scripts

Security researchers have reported that threat actors are spreading malicious scripts through a phishing email campaign that abuses the Windows search protocol.

The attack leverages an understanding of system vulnerabilities and user behaviours to spread malware to the targets. It begins with an email carrying a ZIP attachment that contains an HTML document. The attachment is disguised as a typical document, such as an invoice. When the HTML file is opened, it abuses standard web protocols to exploit Windows system functionalities, automatically reloading and redirecting to a new page. When the user accepts a security prompt, a .BAT file is retrieved from a remote server which, when run, could perform malicious actions.

We recommend always verifying that the sender is legitimate and exercising caution when opening files, even from trusted senders. Be aware of any warnings presented by browsers and the operating system. When in doubt, consult with your security team.
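For mail-gateway or triage tooling, the attachment pattern described above can be checked mechanically. The following is an added example, not code from the report or the researchers: it scans a ZIP attachment for HTML members whose meta refresh or link attributes point at a Windows Search URI. It assumes the `search:` and `search-ms:` schemes are what the report means by the Windows search protocol; the function names and the sample attachment are constructed for illustration.

```python
import io
import zipfile
from html.parser import HTMLParser

# Assumption: "Windows search protocol" means the search: / search-ms: URI schemes.
SEARCH_SCHEMES = {"search", "search-ms"}
MAX_HTML_BYTES = 2 * 1024 * 1024  # skip oversized members instead of inflating them

class UrlCollector(HTMLParser):
    """Collects meta-refresh targets and href/src/action attribute values."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # parser already lowercases names
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "<seconds>; url=<target>"
            rest = a.get("content", "").partition(";")[2].strip()
            key, _, target = rest.partition("=")
            if key.strip().lower() == "url":
                self.urls.append(target.strip(" '\""))
        self.urls.extend(a[n].strip() for n in ("href", "src", "action") if n in a)

def scan_zip(data: bytes):
    """Return (member, url) pairs for HTML members that point at a search URI."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not name.lower().endswith((".html", ".htm")):
                continue
            if info.file_size > MAX_HTML_BYTES:
                continue
            collector = UrlCollector()
            collector.feed(zf.read(info).decode("utf-8", errors="replace"))
            for url in collector.urls:
                scheme, sep, _ = url.partition(":")
                if sep and scheme.lower() in SEARCH_SCHEMES:
                    hits.append((name, url))
    return hits

def build_sample_zip() -> bytes:
    """Constructed sample attachment: one redirecting page, one benign page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.html", '<meta http-equiv="refresh" content="0; url=search-ms:query=invoice">')
        zf.writestr("notes.html", '<a href="https://example.invalid/search">help</a>')
    return buf.getvalue()
```

Calling `scan_zip(build_sample_zip())` flags only `invoice.html`. Redirects built in script rather than markup are outside what this check covers.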
