Microsoft issued fixes for just 38 CVEs this month, including three zero-day vulnerabilities.
Although this month’s Patch Tuesday update round is one of the smallest this year, experts warned that system administrators should move quickly to patch the zero-days, two of which are being actively exploited in the wild.
The first is CVE-2023-29336, an elevation of privilege vulnerability in Win32k that lets an attacker who already has a foothold on a system raise their access rights. The attacker must first hold basic privileges on the system, which is commonly obtained through a phishing attack or credential harvesting.
“It has a local attack vector, meaning the attacker needs access to the target system. The complexity of the attack is low and requires minimal privileges and no user interaction,” explained Mike Walters, vice president of vulnerability and threat research at Action1.
“At this time, there are no mitigations or workarounds available, making installing the updates the most effective way to mitigate risk and ensure the security of your systems.”
The second CVE that is actively exploited in the wild is CVE-2023-24932, a low-complexity Secure Boot vulnerability that also requires no user interaction.
An attacker would need physical or administrator access to a target system to exploit the vulnerability, which carries a CVSS score of 6.7, Walters said.
“Successful exploitation of this vulnerability allows an attacker to bypass Secure Boot, thereby allowing the loading of malicious drivers or malware without Microsoft’s trusted signatures during Windows startup,” he explained.
“To address this vulnerability, a security update has been released that updates the Windows Boot Manager. However, it is important to note that this update is not enabled by default. To mitigate the vulnerability, you must follow the three essential steps detailed in Microsoft article KB5025885.”
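Secure Boot blocks revoked boot components through the firmware's forbidden-signature database (DBX), so one observable a defender can record before and after working through the KB5025885 steps is the DBX contents. The following is an added example, not code from the article, from Microsoft or from KB5025885: a small Python parser for the EFI_SIGNATURE_LIST format that db and dbx use, which counts the SHA-256 revocation entries in a blob. The structure layout and the signature-type GUIDs come from the UEFI specification; the efivarfs path is the standard Linux location for the live variable (on Windows the same bytes are exposed by `Get-SecureBootUEFI -Name dbx`). The sample blob and its owner GUID are constructed for this example. The page does not state whether or how the May 2023 mitigation changes DBX, so the script only reports what it finds.

```python
"""Parse a UEFI Secure Boot signature database (db/dbx) and count its entries."""
import hashlib
import os
import struct
import uuid
from typing import Dict, List, Optional

# EFI_SIGNATURE_LIST header (UEFI spec): SignatureType GUID (16 bytes), then
# SignatureListSize, SignatureHeaderSize and SignatureSize as little-endian UINT32.
_LIST_HDR = struct.Struct("<16sIII")
_OWNER_LEN = 16  # every EFI_SIGNATURE_DATA begins with a SignatureOwner GUID

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Linux exposes the variable through efivarfs with a 4-byte attribute prefix.
LINUX_DBX = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def parse_signature_lists(blob: bytes) -> List[Dict]:
    """Split a db/dbx blob into its EFI_SIGNATURE_LISTs.

    Returns one dict per list: signature type, entry count and payload size per
    entry. Raises ValueError on a truncated or self-inconsistent header, which
    is what a tampered or half-written variable looks like.
    """
    lists = []
    off = 0
    while off < len(blob):
        if len(blob) - off < _LIST_HDR.size:
            raise ValueError(f"truncated list header at offset {off}")
        raw_type, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        if list_size < _LIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size <= _OWNER_LEN:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        body = list_size - _LIST_HDR.size - hdr_size
        if body % sig_size:
            raise ValueError(f"signature body of {body} bytes is not a multiple of {sig_size}")
        lists.append({
            "type": uuid.UUID(bytes_le=raw_type),  # EFI GUIDs use mixed-endian layout
            "count": body // sig_size,
            "entry_size": sig_size - _OWNER_LEN,
        })
        off += list_size
    return lists


def count_sha256_revocations(blob: bytes) -> int:
    """Total SHA-256 hash entries across all lists (the usual dbx content)."""
    return sum(l["count"] for l in parse_signature_lists(blob)
               if l["type"] == EFI_CERT_SHA256_GUID)


def build_sha256_list(hashes: List[bytes], owner: uuid.UUID) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries; used here to make a sample."""
    if any(len(h) != 32 for h in hashes):
        raise ValueError("SHA-256 entries must be exactly 32 bytes")
    sig_size = _OWNER_LEN + 32
    body = b"".join(owner.bytes_le + h for h in hashes)
    hdr = _LIST_HDR.pack(EFI_CERT_SHA256_GUID.bytes_le,
                         _LIST_HDR.size + len(body), 0, sig_size)
    return hdr + body


def load_live_dbx() -> Optional[bytes]:
    """Return the live dbx blob on a Linux UEFI host, or None if it is unavailable."""
    if not os.path.exists(LINUX_DBX):
        return None
    with open(LINUX_DBX, "rb") as f:
        return f.read()[4:]  # drop the efivarfs attribute dword


if __name__ == "__main__":
    # Constructed sample: three made-up hashes under an all-zero owner GUID.
    sample_owner = uuid.UUID(int=0)
    sample = build_sha256_list(
        [hashlib.sha256(f"constructed-{i}".encode()).digest() for i in range(3)],
        sample_owner)
    print("sample dbx SHA-256 entries:", count_sha256_revocations(sample))
    live = load_live_dbx()
    if live is not None:
        for entry in parse_signature_lists(live):
            print(entry)
        print("live dbx SHA-256 entries:", count_sha256_revocations(live))
```

Run it once before and once after applying the mitigation and keep both outputs with the change record; a parser error on the live variable is itself worth investigating, since firmware should only ever expose well-formed lists.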
The last zero-day patched this month is CVE-2023-29325, a critical remote code execution bug in Windows OLE. A proof of concept is available for the bug, meaning attacks in the wild won’t be far off.
“With this vulnerability, simply looking at a carefully crafted malicious email in Outlook’s preview pane is enough to allow remote code execution and potentially compromise the recipient’s computer,” explained Yoav Iellin, senior researcher at Silverfort.
“At this stage, we believe that Outlook users will be the main attack vector, although it also has the potential to be used in other Office programs. We recommend that you ensure that client Windows machines and the Office software are fully up-to-date and consider following the workaround provided by Microsoft while implementing the patch.”
Ikaroa is proud to announce the news that Microsoft has patched three Zero-Day bugs earlier this month. Microsoft has kept their customers and the public informed about their efforts to patch these dangerous security flaws and is taking their responsibility to provide secure products and services to both their loyal customers and the wider public seriously.
The three Zero-Day bugs were discovered in Microsoft Exchange Server, the enterprise server for Microsoft Outlook messaging and collaboration software. Microsoft promptly released updates to address the security vulnerabilities and published multiple security advisories detailing the full impact of the flaws.
At Ikaroa, we understand the importance of keeping our customers safe and secure and are pleased with Microsoft’s prompt response to patch these important vulnerabilities. We would like to remind customers to apply these updates as soon as possible to protect their data and information from cyber threats.
Microsoft has also provided a set of best practices to help organizations reduce their risk of exploitation, including making sure their Microsoft Exchange servers are up to date and running the latest versions of their software. At Ikaroa, we offer full stack solutions to help businesses stay on top of their security and ensure their networks remain secure.
We applaud Microsoft for taking a proactive approach to addressing these Zero-Day bugs and encourage all organizations to apply the necessary security patches to keep their networks and data safe.