
Apple and Microsoft Patch Tuesday, July 2023 Edition – Krebs on Security


Microsoft Corp. has released software updates to address 130 security bugs in its Windows operating systems and related software, at least five of which are already being actively exploited. Apple customers, meanwhile, are facing zero-day vulnerabilities of their own. On Monday, Apple issued an emergency update to fix a zero-day vulnerability that was being exploited against macOS and iOS devices, but quickly pulled the update after reports that it broke the loading of certain websites. Apple is expected to re-release the patches once these glitches have been resolved.

Apple’s Rapid Security Response updates, launched in May, are meant to address time-sensitive vulnerabilities, and this is the second month in a row that Apple has used the feature. This month also marks the sixth time this year that Apple has released updates for zero-day vulnerabilities, flaws that are exploited by malware or malicious actors before an official patch is available. Apple device users should check the patch status of their devices and ensure that automatic updates are enabled. The security update containing the fix for this zero-day bug should be available in iOS/iPadOS 16.5.1, macOS 13.4.1, and Safari 16.5.2.

On the Windows side, Microsoft has patched several vulnerabilities this month, including four that are already being actively attacked. These vulnerabilities carry high CVSS (Common Vulnerability Scoring System) scores, reflecting their severity. They include a hole in Windows SmartScreen that lets malware bypass security warning prompts, and a flaw in Microsoft Outlook that lets attackers bypass security features. The other two zero-days are privilege escalation flaws in Windows, which let attackers elevate their privileges and gain greater control over a compromised system.

Surprisingly, one of the five zero-day vulnerabilities does not yet have a patch. This vulnerability, tracked as CVE-2023-36884, is a remote code execution weakness in Microsoft Office and Windows. Microsoft says it is actively investigating this publicly disclosed vulnerability and promises to provide further guidance as soon as possible. Exploitation of the flaw has been linked to a cybercriminal group named RomCom, which is believed to operate in support of Russian intelligence operations. The same threat actor has also been associated with ransomware attacks against a wide range of victims.

While a patch for CVE-2023-36884 may be issued as part of next month’s Patch Tuesday, it is advisable for administrators to be prepared for an out-of-cycle security update. Microsoft Office is widely deployed, and this threat actor is known for its sophisticated attacks. Microsoft has provided a Windows registry hack that can help mitigate attacks on this vulnerability, and it has also published a blog post about phishing campaigns associated with the threat actor.

In addition to addressing these vulnerabilities, Microsoft is taking steps to combat the use of cryptographically signed malware. Sophos, Trend Micro, and Cisco previously warned that ransomware criminals were using signed, malicious drivers to evade antivirus and endpoint detection and response (EDR) tools. Sophos has identified 133 malicious Windows driver files that were digitally signed since April 2021, with 100 of them being signed by Microsoft. In response, Microsoft is implementing measures to prevent these malicious driver files from running on Windows computers.

However, security researchers have found that hackers are bypassing Microsoft’s efforts to block maliciously signed drivers. They are using open-source software popular among video game cheaters, which digitally signs system drivers so that they can modify video games and gain an unfair advantage. This is a significant challenge, because such drivers run inside the most heavily protected layer of the Windows operating system, the kernel. Threat groups, particularly Chinese-speaking ones, have repurposed these tools to give their malware capabilities it would not otherwise have.

Windows users should review the available patches before updating; websites like AskWoody.com usually report any known issues with them. Backing up the system, or at least important documents and data, before applying updates is also recommended so that any problems can be recovered from. Users who encounter issues with these updates are encouraged to report them.
