Microsoft 2023 Critical and Important Vulnerabilities (CVE-2023-36884)

CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability


CVE-2023-36884 is a remote code execution (RCE) vulnerability in Microsoft Windows and Office with a CVSSv3 score of 8.3. It was exploited in the wild as a zero-day. At the time of this writing and disclosure, Microsoft had not released a patch for it; instead, Microsoft published guidance on mitigations that can be applied to prevent exploitation until a fix ships.

According to Microsoft, exploitation of CVE-2023-36884 is attributed to the threat actor tracked as Storm-0978, also known as DEV-0978 and RomCom. The actor is assessed to be Russia-based and is known for ransomware and extortion campaigns using a ransomware strain called Underground, as well as intelligence-gathering operations that rely on credential theft. Exploitation of CVE-2023-36884 began in June 2023, targeting organizations in Ukraine, North America and Europe, with the telecommunications and finance sectors among the industries hit.

Tenable has released Plugin ID 178275, which can be used to identify a Windows host that may be missing the mitigations for CVE-2023-36884 (Office and Windows HTML Remote Code Execution Vulnerability). To run this plugin, the scan must have the "Show potential false alarms" setting enabled, also known as paranoid mode.

We recommend enabling only this specific plugin in a paranoid scan. Enabling all plugins in a paranoid scan policy will increase the number of findings, because every paranoid plugin is then included in the scan.
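The two preceding paragraphs describe Microsoft's interim mitigation for CVE-2023-36884 and a scanner check for hosts that are missing it. The following PowerShell script is an added example, not part of the original post and not Tenable's or Microsoft's code: it audits, and with -Apply sets, the registry-based mitigation from Microsoft's advisory for this CVE. The key name FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION and the list of Office process names are taken from that advisory; the -Apply switch and the function names are this script's own. Applying the key requires an elevated prompt, and Microsoft notes it can affect cross-protocol file navigation in the listed applications, so it is a stopgap to remove once the patch is installed.

```powershell
# Added example (not from the original post): audit and optionally apply Microsoft's interim
# mitigation for CVE-2023-36884. Key path and process list are from Microsoft's advisory guidance;
# the -Apply switch is this script's own. Run from an elevated PowerShell to apply.
param(
    [switch]$Apply
)

$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$Processes = @('Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
               'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe')

function Get-CrossProtocolMitigationState {
    # One object per Office process: the DWORD currently set for it (or $null) and whether it equals 1.
    foreach ($proc in $Processes) {
        $value = $null
        if (Test-Path -LiteralPath $KeyPath) {
            $value = (Get-ItemProperty -LiteralPath $KeyPath -Name $proc -ErrorAction SilentlyContinue).$proc
        }
        [pscustomobject]@{
            Process   = $proc
            Value     = $value
            Mitigated = ($value -eq 1)
        }
    }
}

function Set-CrossProtocolMitigation {
    # Create the FeatureControl key if missing and set each process name to REG_DWORD 1.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    foreach ($proc in $Processes) {
        New-ItemProperty -LiteralPath $KeyPath -Name $proc -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

$state = Get-CrossProtocolMitigationState
$state | Format-Table -AutoSize

if ($Apply) {
    Set-CrossProtocolMitigation
    # Re-read the key so the post-change state is shown, not assumed.
    Get-CrossProtocolMitigationState | Format-Table -AutoSize
}
elseif ($state | Where-Object { -not $_.Mitigated }) {
    Write-Warning 'One or more Office processes are not covered by the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION mitigation. Re-run with -Apply from an elevated prompt.'
}
```

Without -Apply the script only reports, which makes it usable as a quick cross-check against the paranoid-mode plugin result on a host the scanner flags. The audit reads the value back after applying rather than trusting that the write succeeded, since a non-elevated run fails silently at New-Item under HKLM.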



CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability

CVE-2023-35311 is a security feature bypass vulnerability in Microsoft Outlook with a CVSSv3 score of 8.8 that was exploited in the wild as a zero-day. Exploitation requires an attacker to convince the victim to click a malicious URL. A successful exploit bypasses the Microsoft Outlook Security Notice prompt, a dialog designed to warn users before a potentially unsafe action. Microsoft identifies the Outlook Preview Pane as an attack vector, but user interaction is still required.




CVE-2023-32046 | Windows MSHTML Privilege Escalation Vulnerability

CVE-2023-32046 is an elevation of privilege (EoP) vulnerability in Microsoft's MSHTML (Trident) engine that was exploited in the wild as a zero-day. It has a CVSSv3 score of 7.8, and patches are available for all supported versions of Windows. To exploit it, an attacker creates a specially crafted file and uses social engineering to convince the target to open it. Microsoft's advisory also notes that customers who install only Security Updates must additionally install the Internet Explorer Cumulative Update to be fully protected against this vulnerability.

The discovery of CVE-2023-32046 follows the patching of CVE-2021-40444 in Microsoft's September 2021 Patch Tuesday release. CVE-2021-40444 was another MSHTML zero-day and was used by a range of threat actors, including advanced persistent threat groups and ransomware operators. While CVE-2021-40444 did not make the top 5 list in the 2021 Threat Landscape Retrospective, it was a notable vulnerability that narrowly missed the cut.



CVE-2023-36874 | Windows Error Reporting Service Privilege Escalation Vulnerability

CVE-2023-36874 is an elevation of privilege (EoP) vulnerability in the Windows Error Reporting service that was exploited in the wild as a zero-day. It has a CVSSv3 score of 7.8. To exploit it, an attacker must already have local access to the target system with basic user privileges; successful exploitation grants administrative privileges on the target. Discovery of the vulnerability is credited to Vlad Stolyarov and Maddie Stone of Google's Threat Analysis Group (TAG).



CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2023-32049 is a security feature bypass vulnerability in Windows SmartScreen. SmartScreen acts as an early-warning system against malicious websites, particularly those used for phishing or malware distribution. To exploit this vulnerability, an attacker must convince a user to open a specially crafted URL; successful exploitation bypasses the "Open File - Security Warning" prompt, so the victim's machine opens the file without the usual warning. The vulnerability was exploited in the wild as a zero-day and has a CVSSv3 score of 8.8.

This vulnerability resembles other Mark of the Web (MOTW) bypasses that Microsoft has patched, in which a malicious file evades the protections keyed on MOTW. CVE-2022-44698 is another example: a SmartScreen bypass exploited in the wild as a zero-day and patched in the December 2022 Patch Tuesday release.
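The SmartScreen "Open File - Security Warning" prompt discussed above is driven by the Mark of the Web, which on NTFS is stored in a file's Zone.Identifier alternate data stream (ZoneId=3 marks the Internet zone). The following PowerShell is an added example, not part of the original post, for inspecting that mark during triage: it reads the stream, parses the ZoneTransfer fields, and then demonstrates what an unmarked file looks like, which is the state a MOTW bypass leaves behind. The function name, the sample file under $env:TEMP and the example.invalid host URL are constructed for this example.

```powershell
# Added example (not from the original post): read the Mark of the Web that SmartScreen's
# "Open File - Security Warning" prompt depends on. MOTW lives in the Zone.Identifier ADS;
# ZoneId=3 is the Internet zone. Function name and sample data are this example's own.
function Get-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    $item   = Get-Item -LiteralPath $Path
    $stream = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) {
        # No Zone.Identifier stream: SmartScreen has nothing to key on and will not prompt.
        return [pscustomobject]@{
            File = $item.FullName; HasMotw = $false; ZoneId = $null; ReferrerUrl = $null; HostUrl = $null
        }
    }
    # The stream is INI-style text under a [ZoneTransfer] header: ZoneId=, ReferrerUrl=, HostUrl=.
    $fields = @{}
    foreach ($line in $stream) {
        if ($line -match '^(\w+)=(.*)$') { $fields[$Matches[1]] = $Matches[2] }
    }
    [pscustomobject]@{
        File        = $item.FullName
        HasMotw     = $true
        ZoneId      = [int]$fields['ZoneId']
        ReferrerUrl = $fields['ReferrerUrl']
        HostUrl     = $fields['HostUrl']
    }
}

# Constructed sample: create a file and stamp it with an Internet-zone MOTW the way a browser
# download would, inspect it, then strip the mark to show the state a MOTW bypass produces.
$sample = Join-Path $env:TEMP 'motw-demo.txt'
Set-Content -LiteralPath $sample -Value 'demo'
Set-Content -LiteralPath $sample -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3`r`nHostUrl=https://example.invalid/demo.txt"

# Inspect while the mark is present (this is the case in which SmartScreen would prompt).
Get-MarkOfTheWeb -Path $sample

# Remove the stream and inspect again: same bytes on disk, but no MOTW, so no warning prompt.
Remove-Item -LiteralPath $sample -Stream Zone.Identifier
Get-MarkOfTheWeb -Path $sample

Remove-Item -LiteralPath $sample
```

For bulk triage of a download folder, pipe file paths into the function, for example `Get-ChildItem "$env:USERPROFILE\Downloads" -File | ForEach-Object { Get-MarkOfTheWeb -Path $_.FullName }`, and look for files from external sources whose HasMotw is false or whose ZoneId is not 3. The check only applies on NTFS volumes, since FAT and exFAT cannot carry alternate data streams at all.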



Source: https://www.turkhackteam.org/konula...ve-important-aciklari-cve-2023-36884.2048735/