Home Cyber Security Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

lohitnath.453
-
0
Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

[ad_1]

Sep 13, 2023THNEndpoint Safety / Zero Day

Microsoft Windows Update

Microsoft has launched software program fixes to remediate 59 bugs spanning its product portfolio, together with two zero-day flaws which were actively exploited by malicious cyber actors.

Of the 59 vulnerabilities, 5 are rated Essential, 55 are rated Essential, and one is rated Reasonable in severity. The replace is along with 35 flaws patched within the Chromium-based Edge browser since final month’s Patch Tuesday version, which additionally encompasses a repair for CVE-2023-4863, a important heap buffer overflow flaw within the WebP picture format.

The 2 Microsoft vulnerabilities which have come below lively exploitation in real-world assaults are listed under –

  • CVE-2023-36761 (CVSS rating: 6.2) – Microsoft Phrase Data Disclosure Vulnerability
  • CVE-2023-36802 (CVSS rating: 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

“Exploiting this vulnerability might permit the disclosure of NTLM hashes,” the Home windows maker mentioned in an advisory about CVE-2023-36761, stating CVE-2023-36802 might be abused by an attacker to achieve SYSTEM privileges.

Precise particulars surrounding the character of the exploitation or the identification of the menace actors behind the assaults are presently unknown.

“Exploitation of [CVE-2023-36761] isn’t just restricted to a possible goal opening a malicious Phrase doc, as merely previewing the file may cause the exploit to set off,” Satnam Narang, senior employees analysis engineer at Tenable, mentioned. Exploitation would permit for the disclosure of New Expertise LAN Supervisor (NTLM) hashes.”

Cybersecurity

“The primary was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed within the March Patch Tuesday launch.”

Different vulnerabilities of be aware are a number of distant code execution flaws impacting Web Connection Sharing (ICS), Visible Studio, 3D Builder, Azure DevOps Server, Home windows MSHTML, and Microsoft Alternate Server and elevation of privilege points in Home windows Kernel, Home windows GDI, Home windows Widespread Log File System Driver, and Workplace, amongst others.

Software program Patches from Different Distributors

Aside from Microsoft, safety updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with –

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.



[ad_2]

© Newspaper WordPress Theme by TagDiv