Microsoft today released updates that fix more than five dozen security vulnerabilities in its Windows operating systems and related software, including three "zero-day" vulnerabilities that Microsoft warns are already being exploited in active attacks.
The zero-day threats targeting Microsoft this month include CVE-2023-36025, a vulnerability that allows malicious content to bypass the Windows SmartScreen security feature. SmartScreen is a built-in Windows component that attempts to detect and block malicious websites and files. Microsoft's security advisory for this flaw states that an attacker could exploit it by getting a Windows user to click a booby-trapped link that points to a shortcut file.
Kevin Breen, senior director of threat research at Immersive Labs, said that emails with .url attachments, or logs containing processes spawned from .url files, "should be a high priority for threat hunters as this vulnerability is actively exploited in the wild."
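The two hunting leads Breen describes, .url attachments in mail and processes spawned from .url files in process-creation telemetry, can be turned into a simple triage script. This is an added example, not code from the original article or from Immersive Labs; the event records, file paths and the field names `Image`, `CommandLine` and `ParentCommandLine` are constructed assumptions modelled loosely on Sysmon-style process-start events.

```python
import re

# Constructed sample process-creation records (not real telemetry), shaped like
# the fields a Sysmon Event ID 1 / EDR process-start event carries.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\explorer.exe"',
     "ParentCommandLine": r"C:\Windows\System32\userinit.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "\\203.0.113.5\share\update.bat"',
     "ParentCommandLine": r'"C:\Windows\explorer.exe" "C:\Users\alice\Downloads\invoice.url"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt",
     "ParentCommandLine": r'"C:\Windows\explorer.exe"'},
    {"Image": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\explorer.exe" "C:\Users\alice\AppData\Local\Temp\Report.URL"',
     "ParentCommandLine": r'"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"'},
]

# A .url path token: no whitespace or quotes, ending in .url in any case.
# The trailing \b keeps ".urls" or ".url_backup" from matching.
URL_FILE = re.compile(r'[^\s"\']+\.url\b', re.IGNORECASE)

def url_file_refs(event):
    """Return every .url path named in the process's own or its parent's command line."""
    refs = []
    for field in ("CommandLine", "ParentCommandLine"):
        refs.extend(URL_FILE.findall(event.get(field, "")))
    return refs

def hunt_url_spawns(events):
    """Heuristic hunt: flag processes whose command line, or whose parent's, names a .url file."""
    hits = []
    for ev in events:
        refs = url_file_refs(ev)
        if refs:
            hits.append({"image": ev["Image"], "url_files": refs, "cmdline": ev["CommandLine"]})
    return hits

def url_attachments(filenames):
    """Mail-side check: attachment names ending in .url, including double extensions like .pdf.url."""
    return [n for n in filenames if n.lower().endswith(".url")]

if __name__ == "__main__":
    for hit in hunt_url_spawns(SAMPLE_EVENTS):
        print(f"[hunt] {hit['image']} <- {hit['url_files']}")
    print(url_attachments(["invoice.pdf", "Invoice.pdf.URL", "notes.txt"]))
```

Whether the parent command line actually carries the .url path depends on the telemetry source, so treat the hit list as a triage queue to review alongside the mail-side attachment check rather than as a verdict on its own.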
The second zero-day this month is CVE-2023-36033, a vulnerability in the "DWM Core Library" in Microsoft Windows that has been exploited in the wild and was publicly disclosed before a patch was available. It affects Microsoft Windows 10 and later versions, as well as Microsoft Windows Server 2019 and later versions.
"This vulnerability can be exploited locally with low complexity and does not require high-level permissions or user interaction," said Mike Walters, president and co-founder of Action1. "An attacker who exploited this flaw could gain system privileges, making it an effective method of escalating privileges, especially after initial access is gained through methods such as phishing."
The final zero-day in this month's Patch Tuesday is an issue in the Windows Cloud Files Mini Filter Driver, tracked as CVE-2023-36036, which affects Windows 10 and later and Windows Server 2008 and later. Microsoft says it is relatively simple for attackers to exploit CVE-2023-36036 to escalate their privileges on an infected PC.
Breen said that in addition to the zero-day vulnerabilities, organizations that run Microsoft Exchange Server should prioritize several new Exchange patches, including CVE-2023-36439, a bug that allows attackers to install malware on Exchange servers. Technically, this vulnerability requires the attacker to authenticate to the target's local network, but Breen noted that a pair of phished Exchange credentials would work well to provide that access.
"This is often accomplished through a social engineering attack with spear phishing to gain initial access to the host before hunting for other vulnerable internal targets. Just because your Exchange Server doesn't have internet-facing authentication doesn't mean it's protected," Breen said.
Breen said the vulnerability is closely related to three other Exchange vulnerabilities that Microsoft has designated as “more likely to be exploited”: CVE-2023-36050, CVE-2023-36039 and CVE-2023-36035.
Finally, the SANS Internet Storm Center points out that Microsoft fixed two other bugs this month that have not yet shown signs of active exploitation but were publicized before today and therefore deserve priority. These include CVE-2023-36038, a denial-of-service vulnerability in ASP.NET Core with a CVSS score of 8.2, and CVE-2023-36413, a security feature bypass in Microsoft Office. Exploiting this vulnerability would bypass Protected View when opening files received over the network.
Windows users, please consider backing up your data and/or imaging your system before applying any updates. If you encounter any difficulties with these patches, please leave a note in the comments.