Microsoft released a record-breaking 132 vulnerability fixes this month and detailed six zero-day bugs, including one being actively exploited in attacks against NATO member states.
Of the 132 vulnerabilities, 9 are rated Critical, 37 are remote code execution (RCE) flaws, and 33 are elevation of privilege bugs.
All six zero-days are being actively exploited in the wild, and one of them has also been publicly disclosed. That one is CVE-2023-36884, an RCE vulnerability in Office and Windows HTML. Microsoft warns that the flaw is being exploited to target organizations attending this week’s NATO summit in ransomware and espionage attacks that deliver the RomCom backdoor.
There is no patch for this vulnerability this month, but Microsoft released a mitigation and promised a fix soon.
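For administrators who cannot wait for the patch, Microsoft's advisory for CVE-2023-36884 documents a registry-based mitigation: a REG_DWORD value of 1, named after each Office executable, under the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION feature-control key. The script below is an added example written for this page, not code from the article or from Microsoft; the key path and the application list are taken from Microsoft's guidance, while the function names and output format are this example's own. Run it in an elevated PowerShell session on a single host, or fold the same values into a GPO or Intune policy for a fleet.

```powershell
# Added example (not from the article): apply and audit Microsoft's published
# registry mitigation for CVE-2023-36884 on one host. Requires an elevated session.
# Key path and application names come from Microsoft's advisory; everything else
# (function names, output shape) is this example's own choice.

$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'

# Executables Microsoft lists for the mitigation, each to be set as REG_DWORD = 1.
$OfficeApps = @(
    'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
    'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'
)

function Set-CrossProtocolNavigationBlock {
    # Create the feature-control key if it does not exist, then set each
    # application's value to 1 (overwriting any existing value of another type).
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    foreach ($app in $OfficeApps) {
        New-ItemProperty -Path $KeyPath -Name $app -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Test-CrossProtocolNavigationBlock {
    # Emit one object per application so the result can be piped to Format-Table,
    # Export-Csv, or a compliance check. Mitigated is $true only when the value is
    # present and exactly 1; a missing key or a 0 value both report $false.
    foreach ($app in $OfficeApps) {
        $value = $null
        if (Test-Path -Path $KeyPath) {
            $value = (Get-ItemProperty -Path $KeyPath -Name $app -ErrorAction SilentlyContinue).$app
        }
        [pscustomobject]@{
            Application = $app
            Value       = $value
            Mitigated   = ($value -eq 1)
        }
    }
}

function Remove-CrossProtocolNavigationBlock {
    # Roll back once the vendor fix is installed: remove only the values this
    # mitigation added, leaving any other feature-control settings untouched.
    if (Test-Path -Path $KeyPath) {
        foreach ($app in $OfficeApps) {
            Remove-ItemProperty -Path $KeyPath -Name $app -ErrorAction SilentlyContinue
        }
    }
}

Set-CrossProtocolNavigationBlock
Test-CrossProtocolNavigationBlock | Format-Table -AutoSize
```

Two caveats that come straight from Microsoft's guidance rather than from this script: the setting blocks cross-protocol file navigation for the listed applications and can therefore break legitimate workflows that depend on it, so test on a pilot group first; and it is a stopgap, to be removed with Remove-CrossProtocolNavigationBlock once the actual security update for CVE-2023-36884 has been deployed. Microsoft's advisory also points to the Defender attack surface reduction rule "Block all Office applications from creating child processes" as an alternative for tenants that already manage ASR rules.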
Another priority for organizations is CVE-2023-35311, a Microsoft Outlook security feature bypass. It has a network attack vector and low attack complexity; exploitation requires user interaction but no elevated privileges.
“It’s important to note that this vulnerability specifically allows bypassing security features in Microsoft Outlook and does not allow remote code execution or privilege escalation,” said Action1 co-founder Mike Walters.
“Thus, an attacker could combine this with other exploits for a blanket attack. This vulnerability affects all versions of Microsoft Outlook from 2013 onwards.”
The other zero-day flaws are:
- CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability
- CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability
- ADV230001: Guidance on malicious use of Microsoft-signed drivers
Regarding the latter advisory, Chris Goettl, vice president of security products at Ivanti, notes that Microsoft discovered several developer accounts in the Microsoft Partner Center (MPC) had been submitting malicious drivers to obtain a Microsoft signature.
“All developer accounts involved in this incident were immediately suspended. Microsoft released a Windows security update that no longer trusts drivers and driver signing certificates for the affected files, and suspended the partner’s seller account,” he added.
“In addition, Microsoft has implemented blocking detection to protect customers from legitimately signed drivers being used maliciously in post-exploit activities.”