Microsoft scrambles zero-day fixes in bumper patch crop

By

Multiple vulnerabilities exploited in the wild.

Microsoft’s monthly patch day brings with it a warning of an as-yet-unpatched zero-day vulnerability in which Word documents are the attack vector.

Microsoft scrambles zero-day fixes in bumper patch crop

In a blog post, Microsoft accused a Russian threat actor dubbed “Storm-0978” of using CVE-2023-36884 to try and install backdoors on target systems.

The group then conducts ransomware attacks, or uses their access for espionage, Microsoft said.

Infected Word files are detected by Windows Defender, the post said. 

Other exploited bugs patched this month include:

  • CVE-2023-35311, an Outlook security feature vulnerability
  • CVE-2023-32046, an escalation of privilege exploitable by a crafted file in an email or on a website
  • CVE-2023-32049, a security feature bypass vulnerability with Windows SmartScreen
  • CVE-2023-36874, a local privilege escalation vulnerability

Critical vulnerabilities (with a CVSS score greater than 9) disclosed today include CVE-2023-32057, a vulnerability in Microsoft message queuing that results in remote code execution (RCE); CVE-2023-33150, a security feature bypass in Office; and CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367, a trio of RCE vulnerabilities in the Windows routing and remote access service.

The SANS Institute’s Patch Tuesday roundup states there are a total of 132 fixes released by Microsoft today.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
microsoftpatch tuesdaysecurity

Sponsored Whitepapers

Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?