Microsoft Releases Patch for Two New Actively Exploited Zero-Day Flaws

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors.

Of the 59 vulnerabilities, 5 are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month’s Patch Tuesday edition, which also encompasses a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format.

The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below –

  • CVE-2023-36761 (CVSS score: 6.2) – Microsoft Word Information Disclosure Vulnerability
  • CVE-2023-36802 (CVSS score: 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

“Exploiting this vulnerability could allow the disclosure of NTLM hashes,” the Windows maker said in an advisory about CVE-2023-36761, stating CVE-2023-36802 could be abused by an attacker to gain SYSTEM privileges.

Exact details surrounding the nature of the exploitation or the identity of the threat actors behind the attacks are currently unknown.

“Exploitation of [CVE-2023-36761] is not just limited to a potential target opening a malicious Word document, as simply previewing the file can cause the exploit to trigger,” Satnam Narang, senior staff research engineer at Tenable, said. “Exploitation would allow for the disclosure of New Technology LAN Manager (NTLM) hashes.”

“The first was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release.”

Other vulnerabilities of note are several remote code execution flaws impacting Internet Connection Sharing (ICS), Visual Studio, 3D Builder, Azure DevOps Server, Windows MSHTML, and Microsoft Exchange Server, and elevation of privilege issues in Windows Kernel, Windows GDI, Windows Common Log File System Driver, and Office, among others.

Software Patches from Other Vendors

Aside from Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including –
