Microsoft rolls out 80 Cyber Security fixes for potential vulnerabilities
Microsoft released a patch rollout this month that includes fixes for 80 vulnerabilities in their applications including Zero-Day flaws in Windows SmartScreen and Outlook. The patch rollout includes 9 critical vulnerabilities, 70 important, and 1 moderate | 40% are remote code execution flaws, 31% elevation of privilege flaws, and 22% information disclosure flaws.
Below are 2 ACTIVILEY Exploited Zero-Day Vulnerabilities:
The Microsoft Outlook vulnerability (CVE-2023-23397) has been given a CVSS (Common Vulnerability Scoring System) score of 9.8, with specialists stating it may be one of the biggest critical vulnerabilities of 2023.
“Given the network attack vector, the ubiquity of SMB shares, and the lack of user authentication required, an attacker with a suitable existing foothold on a network may well consider this vulnerability a prime candidate for lateral movement,” Rapid7 lead software engineer Adam Barnett said.
Windows SmartScreen was the 2nd Zero-Day vulnerability (CVE-2023-24880), with a CVSS score of 5.4, it allowed a user to craft a malicious file that could bypass a MOTW (Mark of the Web) and disable a security feature called ‘Protective View’ which relies on MOTW to verify files.
“When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file,” Microsoft explained. “So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check.”
Another vulnerability pros are concerned about
A bug not actively exploited but was highlighted by the vice president of threat research ‘Mike Walters’ was vulnerability CVE-2023-23415, being dubbed the ‘ping of death’ with a CVSS score of also 9.8. This vulnerability can perform an RCE (Remote Code Execution) if exploited.
“An attacker can use this weakness to send a low-level protocol error, containing a fragmented IP packet within another ICMP packet header, to the target machine,” Walters noted. “To activate the flaw, an application on the target must be connected to a raw socket. This vulnerability could result in remote code execution. The attack is easy to execute and does not require any privileges or user interaction.”
Below are another 7 CRITICAL vulnerabilities that were not exploited but disastrous if never patched:
CVE-2023-21708 - With a CVSS score of 9.8 | Vulnerability: Remote Procedure Call, Remote Code Execution
CVE-2023-23392 - With a CVSS score of 9.8 | Vulnerability: HTTP Protocol Stack Remote Code Execution
CVE-2023-1017 - With a CVSS score of 8.8 | Vulnerability: TPM 2.0 Module Library Elevation of Privilege Vulnerability
CVE-2023-1018 - With a CVSS score of 8.8 | Vulnerability: TPM 2.0 Module Library Elevation of Privilege Vulnerability
CVE-2023-23416 - With a CVSS score of 8.4 | Vulnerability: Windows Cryptographic Services Remote Code Execution
CVE-2023-23404 - With a CVSS score of 8.1 | Vulnerability: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-23411 - With a CVSS score of 6.5 | Vulnerability: Windows Hyper-V Denial of Service
Your Security is our Priority
Your friendly Support Team
Speak to us about all your computer needs
This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.