Microsoft’s Massive Security Patch: Spotlight on Six Zero-Day Vulnerabilities


July 12, 2023

Microsoft has released a record-breaking 132 new vulnerability fixes this month, six of which are zero-day vulnerabilities. Zero-day vulnerabilities are software flaws unknown to those who would fix them, which leaves the software’s users exposed to attacks. One of the zero-days, CVE-2023-36884, a remote code execution (RCE) bug affecting Office and Windows HTML, is already being exploited in attacks against NATO members.

Of the issues in this batch, 37 are RCE (remote code execution) problems and 33 are privilege escalation bugs. Nine of these weaknesses have been rated as “vital.” One of the six zero-day defects is publicly known, and all six are currently being extensively attacked in the wild.

Microsoft has already issued mitigations for CVE-2023-36884 and says a fix will be available soon. The bug is being used in ransomware and espionage attacks via a backdoor called RomCom, targeting organisations participating in the NATO summit.


Another vital issue is CVE-2023-35311, a security bypass flaw affecting Microsoft Outlook. Exploiting it requires user interaction, but the attack is low in complexity and needs no special privileges. The flaw gets past the security measures in Microsoft Outlook but does not allow remote code execution or access activation. To launch a more thorough attack, attackers would probably combine this flaw with other exploits. It affects all versions of Microsoft Outlook from 2013 onward.

The other actively exploited zero-day vulnerabilities include CVE-2023-32046, an elevation of privilege vulnerability in Windows MSHTML Platform; CVE-2023-32049, a Windows SmartScreen security bypass flaw; CVE-2023-36874, a privilege elevation issue in Windows Error Reporting Service; and ADV230001, which is new guidance on Microsoft Signed Drivers being used maliciously.

Microsoft also addressed the malicious use of drivers signed under its Developer Program. After discovering several developer accounts submitting harmful drivers to obtain a Microsoft signature, Microsoft suspended all involved accounts and released Windows security updates that untrust the drivers and driver signing certificates for the affected files. Additionally, Microsoft has implemented blocking detections to help protect customers from legitimately signed drivers used in malicious post-exploit activity.

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
