On Tuesday, Microsoft released software updates addressing a total of 132 security vulnerabilities, six of which are zero-day flaws that have been actively exploited by cybercriminals. The update reflects a substantial effort to harden its software against ongoing threats and shows how widely the vulnerabilities are spread across multiple platforms.

Among the 132 vulnerabilities identified, nine have been classified as Critical, a further 122 have been deemed Important, and one received a severity rating of “None.” This announcement follows a previous patch that resolved eight issues in the Microsoft Edge browser last month, highlighting the continuous need for vigilance in software security.

The vulnerabilities under active exploitation include CVE-2023-32046, a Windows MSHTML Platform Elevation of Privilege Vulnerability with a CVSS score of 7.8. Other notable vulnerabilities include CVE-2023-32049, a Windows SmartScreen Security Feature Bypass with a CVSS score of 8.8, and CVE-2023-36884, which allows remote code execution through Office and Windows HTML components. CVE-2023-36884 has been associated with recent targeted attacks against defense and government sectors in both Europe and North America.

Microsoft noted an alarming trend where attackers are leveraging specially crafted Office documents as lures, specifically targeting entities associated with the Ukrainian World Congress. This tactic is indicative of initial access strategies outlined in the MITRE ATT&CK framework, where adversaries seek to gain entry via social engineering methods.

Moreover, the software giant has identified a connection between these attacks and a Russian cybercriminal group known as Storm-0978, also referred to as RomCom or UNC2596. This group has utilized the Underground ransomware, which is notably similar to the Industrial Spy ransomware observed since May 2022. Their latest campaign has been detected using the aforementioned vulnerabilities, reinforcing the need for heightened protective measures.

As a response to the threats posed by vulnerabilities like CVE-2023-36884, Microsoft is advising users to apply necessary updates promptly and has implemented temporary measures such as the “Block all Office applications from creating child processes” attack surface reduction rule. The recommendation reflects a proactive approach to addressing potential exploitation.
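The following PowerShell is an added example, not code from Microsoft or from this article: it reports the current state of the attack surface reduction rule named above, enables it, and lists recent events for the rule. It assumes Microsoft Defender Antivirus is the active antivirus and an elevated prompt; the function names are hypothetical, and the rule GUID is Microsoft's documented ID for this rule, which does not appear in the article.

```powershell
# Added example. GUID of "Block all Office applications from creating child processes"
# (Microsoft's documented rule ID; not stated in the article).
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

# Action codes as returned by Get-MpPreference.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeChildProcessRuleState {
    # Rule IDs and their actions are stored as two parallel arrays.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $code = [int]$actions[$i]
            if ($ActionNames.ContainsKey($code)) { return $ActionNames[$code] }
            return "Unknown($code)"
        }
    }
    return 'NotConfigured'
}

function Set-OfficeChildProcessRule {
    param([ValidateSet('Enabled', 'AuditMode', 'Warn')][string]$Mode = 'AuditMode')
    # Add-MpPreference adds or updates this one rule and leaves other rules untouched.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions $Mode
}

function Get-OfficeChildProcessRuleHits {
    param([int]$MaxEvents = 20)
    # Event 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $RuleId } |
        Select-Object -First $MaxEvents TimeCreated, Id, Message
}

$state = Get-OfficeChildProcessRuleState
Write-Output "Rule state before: $state"
if ($state -ne 'Block') {
    Set-OfficeChildProcessRule -Mode Enabled
    Write-Output "Rule state after:  $(Get-OfficeChildProcessRuleState)"
}
Get-OfficeChildProcessRuleHits | Format-List
```

On hosts managed through Group Policy or Intune, the centrally configured value takes precedence over a local change, so set the rule there instead. Running it with `-Mode AuditMode` first and reviewing the 1122 events shows which legitimate Office add-ins or macros would be blocked.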

Additionally, Microsoft has revoked code-signing certificates that attackers had abused to install malicious kernel-mode drivers by exploiting a Windows policy loophole. This action reflects a growing trend among threat actors who use rogue drivers to operate at higher privilege levels, which lets them maintain a prolonged presence on targeted systems and undermine security software.

While there are other vulnerabilities included in the update, the full scope of their exploitation remains unclear. Therefore, timely application of updates is critical for mitigating potential threats. In parallel, various software vendors have reported their own updates to address security vulnerabilities, exemplifying the ongoing battle against cyber threats.

Overall, the recent developments emphasize the urgency for organizations to prioritize cybersecurity measures. The identified exploits not only threaten individual entities but also pose risks to broader national security interests. Cybersecurity professionals and business owners should remain vigilant in applying necessary patches and adopting robust security practices to defend against both current and emerging threats in the digital landscape.

Cybersecurity diligence must address not only the immediate vulnerabilities highlighted by these attacks but also the broader implications of persistent threats. As attacker tactics grow more sophisticated, the business community is reminded of the importance of maintaining a robust security posture through continuous monitoring and strategic mitigation efforts.