Home Security Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

by crpt os


Sep 13, 2023THNEndpoint Security / Zero Day

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors.

Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month’s Patch Tuesday edition, which also encompasses a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format.

The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below –

  • CVE-2023-36761 (CVSS score: 6.2) – Microsoft Word Information Disclosure Vulnerability
  • CVE-2023-36802 (CVSS score: 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

“Exploiting this vulnerability could allow the disclosure of NTLM hashes,” the Windows maker said in an advisory about CVE-2023-36761, stating CVE-2023-36802 could be abused by an attacker to gain SYSTEM privileges.

Exact details surrounding the nature of the exploitation or the identity of the threat actors behind the attacks are currently unknown.

“Exploitation of [CVE-2023-36761] is not just limited to a potential target opening a malicious Word document, as simply previewing the file can cause the exploit to trigger,” Satnam Narang, senior staff research engineer at Tenable, said. Exploitation would allow for the disclosure of New Technology LAN Manager (NTLM) hashes.”

Cybersecurity

“The first was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release.”

Other vulnerabilities of note are several remote code execution flaws impacting Internet Connection Sharing (ICS), Visual Studio, 3D Builder, Azure DevOps Server, Windows MSHTML, and Microsoft Exchange Server and elevation of privilege issues in Windows Kernel, Windows GDI, Windows Common Log File System Driver, and Office, among others.

Software Patches from Other Vendors

Other than Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including –

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex