The six actively exploited defects are:

  • CVE-2024-38178 — A memory corruption vulnerability in the Windows Scripting Engine that allows an unauthenticated attacker to initiate remote code execution if an authenticated client is tricked into clicking a link. Successful exploitation requires the attacker to first prepare the target to use Edge in Internet Explorer Mode. CVSS severity: 7.5/10
  • CVE-2024-38189 — A remote code-execution flaw in Microsoft Project is being exploited via maliciously rigged Microsoft Office Project files on systems where the ‘Block macros from running in Office files from the Internet’ policy is disabled and ‘VBA Macro Notification Settings’ are not enabled. CVSS: 8.8/10
  • CVE-2024-38107 — A privilege escalation flaw in the Windows Power Dependency Coordinator. Microsoft rates this as “important” with the note that “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” No indicators of compromise or additional details are provided. CVSS: 7.8/10
  • CVE-2024-38106 — Exploitation has been detected targeting this Windows kernel elevation of privilege flaw. Successful exploitation requires an attacker to win a race condition, potentially allowing them to gain SYSTEM privileges. CVSS: 7.0/10
  • CVE-2024-38213 — Microsoft identifies this as a Windows Mark of the Web security feature bypass currently being exploited in active attacks. An attacker who successfully exploits this vulnerability could bypass the SmartScreen user experience.
  • CVE-2024-38193 — An elevation of privilege security defect in the Windows Ancillary Function Driver for WinSock is being exploited in the wild. Technical details and indicators of compromise (IOCs) are not available.