Microsoft has issued an update addressing 59 vulnerabilities across its suite of products, including two critical zero-day vulnerabilities that have already been exploited by malicious actors. This release highlights the ongoing threat landscape, with the tech giant emphasizing the risks posed by active exploitation of these flaws.

Among the 59 vulnerabilities fixed, five have been classified as Critical, 55 as Important, and one as Moderate. This update supplements the 35 vulnerabilities patched in the Chromium-based Edge browser during last month’s Patch Tuesday, which also encompassed a critical heap buffer overflow vulnerability identified as CVE-2023-4863 in the WebP image format.

Within the recent patches, two vulnerabilities warrant particular attention because they have been exploited in the wild. The first, CVE-2023-36761, is an information disclosure flaw in Microsoft Word with a CVSS score of 6.2. The second, CVE-2023-36802, is a privilege escalation flaw in the Microsoft Streaming Service Proxy with a CVSS score of 7.8.

According to Microsoft’s advisory, exploiting CVE-2023-36761 could expose sensitive NTLM hashes, while CVE-2023-36802 could facilitate an attacker in acquiring SYSTEM-level privileges. Current details regarding the nature of these attacks and the identities of the adversaries remain sparse, underlining the necessity for ongoing vigilance among organizations.

Experts have raised concerns about how easily CVE-2023-36761 can be triggered, noting that no user interaction is required beyond previewing a malicious Word document: rendering the file in the preview pane is sufficient. This underscores the risk for businesses that rely on standard productivity tools.

In the broader cybersecurity context, Microsoft isn’t alone in proactively issuing patches. Numerous other vendors have recently released critical updates to address various vulnerabilities. This includes security fixes from Adobe, Apple, and others in the tech ecosystem, demonstrating a concerted effort to mitigate emerging threats.

These incidents map closely onto several tactics in the MITRE ATT&CK framework: Initial Access (exploiting a vulnerability to gain entry), Privilege Escalation (leveraging a flaw to obtain higher privileges), and Credential Access (relevant to the NTLM hash exposure). Together they illustrate the multi-stage approach attackers take in these scenarios. Monitoring and proactive measures are critical for minimizing exposure to such vulnerabilities.
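The NTLM hash disclosure and the Credential Access mapping above point to one concrete monitoring control: NTLM hashes leak when a workstation is coaxed into authenticating to a host outside the network, most often over SMB, so outbound SMB from internal clients to external addresses is the signal to watch. The following added example (not code from the original article or from Microsoft) shows a small detector run over constructed firewall log lines. It assumes a simple whitespace-separated log format of `timestamp action src dst proto dport`, treats the RFC 1918 ranges as "internal", and treats TCP 445 and 139 as SMB; all three are assumptions you would adjust for your environment.

```python
import ipaddress
from collections import Counter

# Constructed sample firewall log lines (not taken from the page).
# Format assumed: timestamp action src dst proto dport
SAMPLE_LOG = """\
2023-09-12T10:01:02Z ALLOW 10.20.1.15 10.20.0.5 tcp 445
2023-09-12T10:01:09Z ALLOW 10.20.1.15 203.0.113.77 tcp 445
2023-09-12T10:01:10Z ALLOW 10.20.1.15 203.0.113.77 tcp 445
2023-09-12T10:02:30Z ALLOW 10.20.1.42 198.51.100.9 tcp 443
2023-09-12T10:03:11Z DENY 10.20.1.42 198.51.100.9 tcp 139
2023-09-12T10:04:00Z ALLOW 192.168.5.8 172.16.9.3 tcp 445
"""

# Assumption: the organisation's internal address space is the RFC 1918 ranges.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumption: SMB is carried on TCP 445 (direct) and TCP 139 (NetBIOS session).
SMB_PORTS = {445, 139}


def is_internal(ip_str):
    """True if the address falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Split one log line into a record; raises ValueError on a malformed line."""
    ts, action, src, dst, proto, dport = line.split()
    return {
        "ts": ts,
        "action": action.upper(),
        "src": src,
        "dst": dst,
        "proto": proto.lower(),
        "dport": int(dport),
    }


def find_outbound_smb(log_text):
    """Return records where an internal host talks SMB to an external host.

    Both ALLOW and DENY records are kept: an ALLOW means a credential may have
    been handed to an external host, a DENY still shows a client was induced to try.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if (
            rec["proto"] == "tcp"
            and rec["dport"] in SMB_PORTS
            and is_internal(rec["src"])
            and not is_internal(rec["dst"])
        ):
            hits.append(rec)
    return hits


def summarize(hits):
    """Count hits per (source, destination, action) so repeated leaks stand out."""
    return Counter((h["src"], h["dst"], h["action"]) for h in hits)


if __name__ == "__main__":
    for (src, dst, action), n in summarize(find_outbound_smb(SAMPLE_LOG)).items():
        print(f"{src} -> {dst} SMB {action} x{n}")
```

On the constructed sample the detector reports the two allowed connections from 10.20.1.15 to 203.0.113.77 on port 445 and the denied attempt from 10.20.1.42 on port 139, while ignoring internal-to-internal SMB and ordinary HTTPS. An allowed hit is the one to escalate, since the client may already have sent an NTLM authentication to the external host; a denied hit is still worth a look at the endpoint that initiated it. The complementary preventive control is to block outbound TCP 445 and 139 at the perimeter so that this class of hash leak fails even before the patch is deployed.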

Organizations must prioritize cybersecurity hygiene, continuously update software, and educate employees on the risks of opening potentially malicious documents. As the landscape of cyber threats evolves, staying informed about vulnerabilities and maintaining robust defensive measures will be paramount for business owners keen on protecting their assets.

As the cybersecurity environment develops, following credible sources for updates and advisories through platforms like Google News, Twitter, and LinkedIn will facilitate timely awareness of emerging threats, ensuring organizations can adapt swiftly to safeguard their operations.