Microsoft has launched software program fixes to remediate 59 bugs spanning its product portfolio, together with two zero-day flaws which have been actively exploited by malicious cyber actors.
Of the 59 vulnerabilities, 5 are rated Vital, 55 are rated Essential, and one is rated Average in severity. The replace is along with 35 flaws patched within the Chromium-based Edge browser since final month’s Patch Tuesday version, which additionally encompasses a repair for CVE-2023-4863, a vital heap buffer overflow flaw within the WebP picture format.
The 2 Microsoft vulnerabilities which have come underneath lively exploitation in real-world assaults are listed under –
- CVE-2023-36761 (CVSS rating: 6.2) – Microsoft Phrase Info Disclosure Vulnerability
- CVE-2023-36802 (CVSS rating: 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
“Exploiting this vulnerability may enable the disclosure of NTLM hashes,” the Home windows maker mentioned in an advisory about CVE-2023-36761, stating CVE-2023-36802 may very well be abused by an attacker to realize SYSTEM privileges.
Precise particulars surrounding the character of the exploitation or the identification of the menace actors behind the assaults are presently unknown.
“Exploitation of [CVE-2023-36761] is not only restricted to a possible goal opening a malicious Phrase doc, as merely previewing the file may cause the exploit to set off,” Satnam Narang, senior workers analysis engineer at Tenable, mentioned. Exploitation would enable for the disclosure of New Expertise LAN Supervisor (NTLM) hashes.”
“The primary was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed within the March Patch Tuesday launch.”
Different vulnerabilities of word are a number of distant code execution flaws impacting Web Connection Sharing (ICS), Visible Studio, 3D Builder, Azure DevOps Server, Home windows MSHTML, and Microsoft Alternate Server and elevation of privilege points in Home windows Kernel, Home windows GDI, Home windows Frequent Log File System Driver, and Workplace, amongst others.
Software program Patches from Different Distributors
Aside from Microsoft, safety updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with –
