
Microsoft on Tuesday released updates that address a total of 132 new security flaws across its software, including six zero-day issues that the company said are being actively exploited in the wild.
Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important, and one has no severity rating assigned. This is in addition to eight flaws the tech giant patched in its Chromium-based Edge browser late last month.
Here is a list of issues that are being actively exploited:
- CVE-2023-32046 (CVSS Score: 7.8) – Windows MSHTML Platform Elevation of Privilege Vulnerability
- CVE-2023-32049 (CVSS Score: 8.8) – Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-35311 (CVSS Score: 8.8) – Microsoft Outlook Security Feature Bypass Vulnerability
- CVE-2023-36874 (CVSS Score: 7.8) – Windows Error Reporting Service Elevation of Privilege Vulnerability
- CVE-2023-36884 (CVSS Score: 8.3) – Office and Windows HTML Remote Code Execution Vulnerability (also publicly known at time of release)
- ADV230001 – Malicious use of Microsoft-signed drivers for post-exploit activities (no CVE assigned)
The Windows maker said it is aware of targeted attacks against defense and government entities in Europe and North America that attempt to exploit CVE-2023-36884 using specially crafted Microsoft Office document lures related to the Ukrainian World Congress, corroborating BlackBerry's latest findings.
“An attacker could create a specially crafted Microsoft Office document that could allow remote code execution in the victim’s context,” Microsoft said. “However, the attacker would have to force the victim to open the malicious file.”
The company attributed the intrusion campaign to a Russia-based cybercriminal group it tracks as Storm-0978, which is also known as RomCom, Tropical Scorpius, UNC2596, and Void Rabisu.
“This threat actor is also deploying Underground ransomware, which is closely related to the Industrial Spy ransomware that was first observed in the wild in May 2022,” the Microsoft Threat Intelligence team explained. “This actor's latest campaign, detected in June 2023, included exploiting CVE-2023-36884 to deliver a backdoor similar to RomCom.”
Recent phishing attacks carried out by the actor targeted Ukrainian and pro-Ukrainian entities in Eastern Europe and North America, using trojanized versions of legitimate software hosted on lookalike websites to deploy a remote access trojan called RomCom RAT.
RomCom was first documented as a group associated with Cuba ransomware, but it has since been linked to other ransomware strains, including Industrial Spy and, as of July 2023, a new variant called Underground, which has significant source-code overlap with Industrial Spy.
Microsoft said it will take “appropriate steps to protect customers,” either through an out-of-band security update or as part of its monthly release process. With no patch yet available for CVE-2023-36884, the company is urging users to enable the “Block all Office applications from creating child processes” attack surface reduction (ASR) rule as a mitigation.
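The following is an added example showing how an administrator would roll out that ASR rule with the Microsoft Defender PowerShell cmdlets; it is not code from the article or from Microsoft. It stages the rule in audit mode first, reviews the resulting events, then switches to block mode and verifies the effective setting. The rule GUID is Microsoft's documented identifier for "Block all Office applications from creating child processes"; the choice to audit before blocking is this example's own recommended procedure.

```powershell
# Added example (not from the article or Microsoft): enable the ASR rule
# "Block all Office applications from creating child processes" via the
# Defender cmdlets, staged through audit mode before enforcement.
# Run from an elevated PowerShell prompt on a host running Microsoft Defender Antivirus.

$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'   # Block all Office applications from creating child processes

# 1. Stage in audit mode: events are logged but nothing is blocked, so line-of-business
#    Office add-ins that legitimately spawn child processes surface before enforcement.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions AuditMode

# 2. Review what the rule would have blocked. Defender writes ASR audit events as ID 1122
#    and block events as ID 1121 to its Operational log; the message carries the rule GUID.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId } |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 3. Once the audit results are clean, switch the rule to block mode. Add-MpPreference
#    updates the action for a rule ID that is already configured, so re-running it is safe.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions Enabled

# 4. Verify the effective state. Ids and Actions are parallel arrays;
#    action 1 = Enabled (block), 2 = AuditMode, 6 = Warn, 0 = Disabled.
$pref = Get-MpPreference
$ids  = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToUpper() })
$idx  = [array]::IndexOf($ids, $RuleId)
if ($idx -ge 0) {
    "Rule $RuleId action = $($pref.AttackSurfaceReductionRules_Actions[$idx])"
} else {
    "Rule $RuleId is not configured"
}
```

In a managed estate the same rule is normally pushed through Intune or Group Policy rather than per-host cmdlets, but the audit-then-block sequence and the 1121/1122 event review are the same.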
Redmond also said it revoked the code-signing certificates that had been used to sign malicious kernel-mode drivers and install them on compromised systems. The drivers abused a loophole in Windows policy that exempts drivers signed before July 29, 2015: open-source tools such as HookSignTool and FuckCertVerifyTimeValidity were used to alter the signing date so that the drivers appeared to fall under that exemption.
The finding suggests that the use of rogue kernel-mode drivers is gaining momentum among threat actors: because such drivers run at the highest privilege level on Windows, they can be used to disable security software and establish long-term persistence on a compromised host while evading detection.
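As an added example of how a defender might hunt for drivers that fit the pattern described above, the script below enumerates installed kernel drivers and flags those whose Authenticode signer certificate was issued before the July 29, 2015 cut-off, has since expired, carries no trusted timestamp, and sits in a recently written file. This is not code from the article, Microsoft, or the tool authors; the 90-day "recent file" window and the combination of conditions are this example's own heuristic, so matches are triage leads rather than verdicts (legitimate, genuinely old drivers can match too).

```powershell
# Added example (not from the article or Microsoft): hunting heuristic for kernel drivers
# whose signature looks backdated to pass the pre-29-July-2015 signing exemption.
# Assumptions: a 90-day "recent file" window; expired pre-2015 cert + no timestamp +
# recently written file = worth a look. Run from an elevated PowerShell prompt.

$Cutoff       = [datetime]'2015-07-29'
$RecentWindow = (Get-Date).AddDays(-90)   # assumption: files written in the last 90 days are "new"
$DriverDir    = "$env:SystemRoot\System32\drivers"

# Examine both the standard driver directory and every registered system driver,
# so a driver dropped outside the usual location is still checked.
$paths = @()
$paths += Get-ChildItem -Path $DriverDir -Filter *.sys -File -ErrorAction SilentlyContinue | ForEach-Object FullName
$paths += Get-CimInstance Win32_SystemDriver | Where-Object { $_.PathName } | ForEach-Object {
    # PathName may carry a \??\ or \SystemRoot\ prefix; normalise it to a Win32 path.
    $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
}
$paths = $paths | Sort-Object -Unique

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    $sig  = Get-AuthenticodeSignature -LiteralPath $p
    $cert = $sig.SignerCertificate
    if (-not $cert) { continue }   # unsigned drivers are a separate, louder finding

    $fileWritten = (Get-Item -LiteralPath $p).LastWriteTime
    $oldIssuer   = $cert.NotBefore -lt $Cutoff          # cert predates the policy cut-off
    $expired     = $cert.NotAfter  -lt (Get-Date)       # cert is no longer within its validity period
    $noTimestamp = -not $sig.TimeStamperCertificate      # no countersignature anchoring the signing time
    $recentFile  = $fileWritten -gt $RecentWindow        # but the file itself is new

    if ($oldIssuer -and $expired -and $noTimestamp -and $recentFile) {
        [pscustomobject]@{
            Path        = $p
            Status      = $sig.Status
            Subject     = $cert.Subject
            CertValid   = "{0:d} to {1:d}" -f $cert.NotBefore, $cert.NotAfter
            FileWritten = $fileWritten
        }
    }
}
```

Any hit should be cross-checked against the file's hash in threat-intelligence feeds and, where the driver is loaded, against what it is doing on the host; the script only narrows the field.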
It is not clear at this time how the other flaws are being exploited or how widespread those attacks are. Given the active exploitation, however, users are encouraged to apply the updates as soon as possible to mitigate potential threats.
Software patches from other vendors
In addition to Microsoft, other vendors have released security updates over the past few weeks that fix several vulnerabilities, including: