Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks.

The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. SmartScreen is a built-in Windows component that tries to detect and block malicious websites and files. Microsoft’s security advisory for this flaw says attackers could exploit it by getting a Windows user to click on a booby-trapped link to a shortcut file.
Kevin Breen, senior director of threat research at Immersive Labs, said emails with .url attachments or logs with processes spawning from .url files “should be a high priority for threat hunters given the active exploitation of this vulnerability in the wild.”
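
A minimal sketch of the two hunts Breen describes, added here as an illustration and not taken from the article, Microsoft or Immersive Labs. The sample message and process records are constructed, the function names are hypothetical, and the record layout assumes Sysmon Event ID 1 field names.

```python
import configparser
import re
from email import message_from_string, policy
from email.message import EmailMessage

# ".url" ending a path token: followed by a quote, whitespace or end of string.
URL_REF = re.compile(r'\.url(?=["\s]|$)', re.IGNORECASE)

def url_attachments(raw_email):
    """Return (filename, shortcut target) for every .url attachment in a message."""
    msg = message_from_string(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".url"):
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        # .url files are INI text; the target is the URL key under [InternetShortcut].
        ini = configparser.ConfigParser(interpolation=None, strict=False)
        try:
            ini.read_string(body)
            target = ini.get("InternetShortcut", "URL", fallback=None)
        except configparser.Error:
            target = None  # malformed shortcut: still report the attachment
        hits.append((name, target))
    return hits

def url_process_events(events):
    """Return process-creation records whose command line references a .url file."""
    return [e for e in events if URL_REF.search(e.get("CommandLine", ""))]

def sample_email():
    # Constructed test message carrying one .url attachment.
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"[InternetShortcut]\r\nURL=https://files.example.invalid/invoice\r\n",
                       maintype="application", subtype="octet-stream", filename="invoice.url")
    return msg.as_string()

# Constructed records using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe ieframe.dll,OpenURL "C:\Users\alice\Downloads\invoice.url"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt"},
]
```

Both functions produce hunting leads, not verdicts: a .url attachment or command line is worth triage in proportion to how rarely shortcuts appear in the environment's normal mail and process telemetry.
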
The second zero day this month is CVE-2023-36033, which is a vulnerability in the “DWM Core Library” in Microsoft Windows that was exploited in the wild as a zero day and publicly disclosed prior to patches being available. It affects Microsoft Windows 10 and later, as well as Microsoft Windows Server 2019 and subsequent versions.
“This vulnerability can be exploited locally, with low complexity and without needing high-level privileges or user interaction,” said Mike Walters, president and co-founder of the security firm Action1. “Attackers exploiting this flaw could gain SYSTEM privileges, making it an efficient method for escalating privileges, especially after initial access through methods like phishing.”
The final zero day in this month’s Patch Tuesday is a problem in the “Windows Cloud Files Mini Filter Driver” tracked as CVE-2023-36036 that affects Windows 10 and later, as well as Windows Server 2008 and later. Microsoft says it is relatively straightforward for attackers to exploit CVE-2023-36036 as a way to elevate their privileges on a compromised PC.
Beyond the zero day flaws, Breen said organizations running Microsoft Exchange Server should prioritize several new Exchange patches, including CVE-2023-36439, which is a bug that would allow attackers to install malicious software on an Exchange server. This weakness technically requires the attacker to be authenticated to the target’s local network, but Breen notes that a pair of phished Exchange credentials will provide that access nicely.
“This is typically achieved through social engineering attacks with spear phishing to gain initial access to a host before searching for other vulnerable internal targets – just because your Exchange Server doesn’t have internet-facing authentication doesn’t mean it’s protected,” Breen said.
Breen said this vulnerability goes hand in hand with three other Exchange bugs that Microsoft designated as “exploitation more likely:” CVE-2023-36050, CVE-2023-36039 and CVE-2023-36035.
Finally, the SANS Internet Storm Center points to two additional bugs patched by Microsoft this month that aren’t yet showing signs of active exploitation but that were made public prior to today and thus deserve prioritization. Those include: CVE-2023-36038, a denial of service vulnerability in ASP.NET Core, with a CVSS score of 8.2; and CVE-2023-36413, a Microsoft Office security feature bypass. Exploiting this vulnerability will bypass the protected mode when opening a file received via the web.
Windows users, please consider backing up your data and/or imaging your system before applying any updates. And feel free to sound off in the comments if you experience any difficulties as a result of these patches.
