Microsoft revealed 132 security flaws this week across all product lines, including six zero-day flaws that are currently being actively exploited. Because of this, security professionals have advised Windows users to upgrade right away.
One of the zero-day vulnerabilities affects Windows HTML and Microsoft Office and allows remote code execution. Although this is a Patch Tuesday rollout, Microsoft has surprisingly not yet released a patch for CVE-2023-36884, opting instead to provide configuration mitigation methods. Microsoft has connected the exploitation of this vulnerability to the Russian cybercrime group RomCom, which is suspected to be acting in the interests of Russian intelligence.
Adam Barnett, a vulnerability risk management specialist at Rapid7, has warned that this Russian group was previously engaged in ransomware attacks that targeted a substantial number of victims.
Security professionals are cautioning Windows users to apply the updates as quickly as possible given the number of vulnerabilities that have been addressed and the fact that some zero-days are among them. The Microsoft Security Update Guide contains a comprehensive list of the vulnerabilities fixed by the most recent Patch Tuesday release. Security professionals have, however, called attention to some of the more crucial ones.
- Vulnerability: CVE-2023-36884
Microsoft has stated that it is looking into claims of several remote code execution flaws affecting Windows and Office products. Microsoft is aware of specific attacks that try to use specially created Microsoft Office documents to exploit these flaws. Microsoft has acknowledged that CVE-2023-36884 is not yet patched, but that it would “take the appropriate action to help protect our customers” after it is done with its investigation.
- Vulnerability: CVE-2023-32046
CVE-2023-32046, a Windows MSHTML platform elevation of privilege vulnerability, is also being widely exploited. This zero-day vulnerability affects the Windows core MSHTML component, which is used to render content such as HTML. Kev Breen, director of cyber threat research at Immersive Labs, cautions, “This is not limited to browsers. Other applications like Office, Outlook, and Skype also make use of this component.” The attack vectors would likely be the usual suspects: a malicious document attached to an email, or a malicious website or web page. According to Breen, “this vulnerability would probably be used as an initial infection vector,” enabling the attacker to execute code when the user clicks a link or opens a document.
- Vulnerability: CVE-2023-36874
CVE-2023-36874 is also an elevation of privilege vulnerability, but it affects the Windows Error Reporting (WER) service. If this vulnerability is successfully exploited, the attacker can gain admin access. Tom Bowyer, who works in product security at Automax, said, “The WER service is a feature in Microsoft Windows operating systems that automatically collects and sends error reports to Microsoft when certain software crashes or encounters other types of errors.” Bowyer added, “This zero-day vulnerability is being actively exploited, so if WER is used by your organisation, we recommend patching within 24 hours.”
- Vulnerability: CVE-2023-32049
Another vulnerability that has received attention is CVE-2023-32049. This too is being widely exploited, and it affects the Windows SmartScreen feature. Chris Goettl, vice president of security products at Ivanti, stated, “The CVE is rated as important, but Microsoft has confirmed reports of exploitation for this vulnerability, increasing the urgency to critical.”