Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Technology

Sep 13, 2023THNEndpoint Security / Zero Day

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors.

Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month’s Patch Tuesday edition, which also encompasses a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format.

The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below –

  • CVE-2023-36761 (CVSS score: 6.2) – Microsoft Word Information Disclosure Vulnerability
  • CVE-2023-36802 (CVSS score: 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

“Exploiting this vulnerability could allow the disclosure of NTLM hashes,” the Windows maker said in an advisory about CVE-2023-36761, stating CVE-2023-36802 could be abused by an attacker to gain SYSTEM privileges.

Exact details surrounding the nature of the exploitation or the identity of the threat actors behind the attacks are currently unknown.

“Exploitation of [CVE-2023-36761] is not just limited to a potential target opening a malicious Word document, as simply previewing the file can cause the exploit to trigger,” Satnam Narang, senior staff research engineer at Tenable, said. Exploitation would allow for the disclosure of New Technology LAN Manager (NTLM) hashes.”

Cybersecurity

“The first was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release.”

Other vulnerabilities of note are several remote code execution flaws impacting Internet Connection Sharing (ICS), Visual Studio, 3D Builder, Azure DevOps Server, Windows MSHTML, and Microsoft Exchange Server and elevation of privilege issues in Windows Kernel, Windows GDI, Windows Common Log File System Driver, and Office, among others.

Software Patches from Other Vendors

Other than Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including –

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

6 Best Men’s Walking Shoes Under $100 — Feet Treats in 2024
Apple Safari Technology Preview 208 Released With JavaScript, Web API and Other Fixes
OpenAI gets $1.5 billion investment from SoftBank in tender offer
Weakening storm slides into LA. See the weekend forecast – NBC Los Angeles
Twisted Romance Gets Darkly Hilarious in Peacock’s Laid