6 Actively Exploited Zero-Days and 132 Flaws Patched – Microsoft Security Update

A total of 132 new security flaws in Microsoft’s products were patched, including six zero-day issues that the company claimed were being actively used in the wild.

Nine of the 130 vulnerabilities have a severity rating of ‘Critical,’ while 121 have a rating of ‘Important’.

This is in addition to the eight bugs that Microsoft patched in its Edge browser, which is based on Chromium, at the end of the previous month.

Further, 37 RCE flaws have been fixed by Microsoft. Nevertheless, one of the RCE issues is still present and unpatched, and several cybersecurity companies have observed attacks that actively use it.

Six Vulnerabilities That Are Actively Exploited

Six zero-day vulnerabilities that were all exploited in attacks and one of which was made public were fixed in this month’s Patch Tuesday.

Notably, if a vulnerability is publicly reported or actively used and no official remedy is available, Microsoft describes it as a zero-day vulnerability.

CVE 2023-32046 – Windows MSHTML Platform Elevation of Privilege Vulnerability

Microsoft Threat Intelligence Center discovered an actively used vulnerability in Windows MSHTML that allowed for privilege escalation.

It was accessed by viewing a specially crafted file via spam email or malicious websites.

An attacker might take advantage of the flaw in an email attack by emailing the victim a specially designed file and persuading them to open it.

In a web-based attack scenario, an attacker may run a website (or make use of a website that has been hacked that accepts or hosts user-provided content) that contains a specially created file intended to exploit the vulnerability.

“The attacker would gain the rights of the user that is running the affected application,” reads Microsoft’s advisory.

CVE-2023-32049 – Windows SmartScreen Security Feature Bypass Vulnerability

Attackers used this flaw to prevent the Open File – Security Warning popup from appearing while downloading and accessing files from the Internet.

“The attacker would be able to bypass the Open File – Security Warning prompt”, Microsoft.

Microsoft claims that the Microsoft Threat Intelligence Centre internally found the problem.

CVE-2023-36874 – Windows Error Reporting Service Elevation of Privilege Vulnerability

In this case, threat actors were able to get administrator rights on the Windows device by actively exploiting the elevation of privileges bug. The bug was discovered by Vlad Stolyarov and Maddie Stone of Google Threat Analysis Group (TAG).

“An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default,” Microsoft.

CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability

Microsoft is looking into claims of many remote code execution flaws affecting Office and Windows products. Microsoft is aware of specific attacks that try to use specially created Microsoft Office documents to exploit these flaws.

To execute remote code execution in the victim’s context, an attacker might produce a specially crafted Microsoft Office document. To open the infected file, the victim would need to be enticed to do so by the attacker.

“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs”, Microsoft.

According to Microsoft, users who utilize Microsoft Defender for Office and the Attack Surface Reduction Rule “Block all Office applications from creating child processes” are shielded against attachments that try to make use of this vulnerability.

Those who are not using these protections can add the following application names to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key as values of type REG_DWORD with data 1.

• Excel.exe
• Graph.exe
• MSAccess.exe
• MSPub.exe
• PowerPoint.exe
• Visio.exe
• WinProj.exe
• WinWord.exe
• Wordpad.exe

Microsoft Threat Intelligence, Google’s Threat Analysis Group (TAG), Vlad Stolyarov, Clement Lecigne, Bahare Sabouri, Paul Rascagneres, Tom Lancaster, and the Microsoft Office Product Group Security Team all reported this problem.

ADV230001 – Guidance on Microsoft Signed Drivers Being Used Maliciously

Code-signing certificates and developer accounts used to install malicious kernel-mode drivers by abusing a Windows policy vulnerability have been revoked by Microsoft.

Microsoft has issued a warning outlining the suspension of all related developer accounts and the revocation of any misused certificates.

“Microsoft was informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems before the use of the drivers,” explains Microsoft.

CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability

Microsoft has updated Microsoft Outlook to address an actively exploited zero-day vulnerability that gets around security alerts and operates in the preview pane. The person who reported this vulnerability requested anonymity.

“The attacker would be able to bypass the Microsoft Outlook Security Notice prompt,” explains Microsoft.

List Of The Number Of Bugs In Each Kind Of Vulnerability

• 33 Elevation of Privilege Vulnerabilities
• 13 Security Feature Bypass Vulnerabilities
• 37 Remote Code Execution Vulnerabilities
• 19 Information Disclosure Vulnerabilities
• 22 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities

Over the past few weeks, security updates have also been provided by various other vendors in addition to Microsoft to address several vulnerabilities, including Adobe, Apple, Aruba Networks, Cisco, Citrix, Dell, Drupal, F5, Fortinet, GitLab, Google Chrome, Lenovo and much more.