
Microsoft Resolves Two Office Zero-Day Issues


In Microsoft’s recent Patch Tuesday release for August, the tech giant addressed a total of 74 security issues, including two zero-day vulnerabilities that were actively exploited. Among the vulnerabilities fixed, 23 were categorized as Remote Code Execution (RCE) flaws, while the remaining ones had various severities.

Of the 23 RCE vulnerabilities, Microsoft classified six as ‘Critical’ and the rest as ‘Important’. The lower rating should not be read as low priority, as any vulnerability can potentially lead to security breaches and unauthorized access.

By vulnerability type, the fixes in this Patch Tuesday release break down as 18 Elevation of Privilege vulnerabilities, 3 Security Feature Bypass vulnerabilities, 23 Remote Code Execution vulnerabilities, 10 Information Disclosure vulnerabilities, 8 Denial of Service vulnerabilities, and 12 Spoofing vulnerabilities.

It is important to mention that twelve vulnerabilities in Microsoft Edge (Chromium), which were addressed earlier in the month, were not included in this particular release.

Among the vulnerabilities fixed, two were actively exploited in the wild, qualifying them as zero-day vulnerabilities. The first is tracked as ADV230003 – Microsoft Office Defense in Depth Update (publicly disclosed). This update addressed a patch bypass that allowed threat actors to exploit a previously mitigated remote code execution vulnerability, CVE-2023-36884. By employing specially crafted Microsoft Office documents, threat actors were able to bypass the Mark of the Web (MoTW) security feature, allowing them to execute remote code without generating a security warning. This vulnerability was actively exploited by the RomCom hacker group, previously known for using the Industrial Spy ransomware in their attacks.

The second zero-day vulnerability fixed in the Patch Tuesday release is CVE-2023-38180 – .NET and Visual Studio Denial of Service Vulnerability. This vulnerability, which was actively exploited, could be used to cause a Denial of Service (DoS) condition in Visual Studio and .NET applications. Unfortunately, Microsoft did not disclose who discovered the vulnerability or provide any additional information regarding the nature of the attacks.

Additionally, Microsoft addressed three severe vulnerabilities related to Microsoft Message Queuing Remote Code Execution (CVE-2023-35385/36910/36911). These vulnerabilities, with a Common Vulnerability Scoring System (CVSS) score of 9.8, allowed a remote anonymous attacker to execute malicious code on a vulnerable server running the Message Queuing service.

Microsoft has made the full list of vulnerabilities fixed in the August 2023 release available on its official website.

As cyber threats continue to evolve, it is crucial for users to stay informed about the latest security updates and vulnerabilities. By regularly updating their software and following reputable cybersecurity news sources, users can protect themselves against potential threats.

To stay up-to-date with the latest cybersecurity news, users are encouraged to follow reliable sources on platforms such as Google News, LinkedIn, Twitter, and Facebook.
