Microsoft's Patch Tuesday is already a classic, but it is becoming increasingly important. Companies should therefore always patch the systems immediately. Two current zero-day vulnerabilities are not rated extremely high with a CVSSv3 score of 6.2 and 7.8, respectively, but they are currently being attacked because they are so widespread.
This month's Patch Tuesday includes fixes for 61 CVEs, five of which are rated critical, 55 rated important, and one rated moderate. Microsoft has also fixed two zero-day vulnerabilities that have already been exploited in the wild. Commenting on this month's Patch Tuesday was Satnam Narang, Senior Staff Research Engineer at Tenable.
Word is always worth attacking
CVE-2023-36761 is an information leaking vulnerability in Microsoft Word rated Important with a CVSSv3 score of 6.2. Exploitation of this vulnerability is not limited to an attack victim opening a malicious Word document. Just previewing the file can trigger the vulnerability to be exploited. Exploitation would allow the disclosure of New Technology LAN Manager (NTLM) hashes. This is the second zero-day vulnerability in Microsoft products in 2023 that has led to the disclosure of NTLM hashes. The first was CVE-2023-23397, a vulnerability in Microsoft Outlook that was disclosed in March's Patch Tuesday release.
CVSS 7.8: Microsoft Streaming Service
CVE-2023-36802 is a vulnerability in Microsoft Streaming Service Proxy that has a CVSSv3 score of 7.8 and is classified as important. This is the eighth elevated zero-day vulnerability exploited in the wild in 2023. Attackers have countless ways to break into companies. Simply gaining access to a system is not always enough. Elevation of privilege vulnerabilities become all the more valuable, especially in zero-day attacks.”
Of the fixes for 61 CVEs, only five were classified as critical. However, the critical gaps affect a lot of Microsoft products and modules. We therefore recommend taking a look at the list of all patches mentioned published by Microsoft.
More at Microsoft.com
About Microsoft Germany Microsoft Deutschland GmbH was founded in 1983 as the German subsidiary of Microsoft Corporation (Redmond, USA). Microsoft is committed to empowering every person and company in the world to achieve more. This challenge can only be mastered together, which is why diversity and inclusion have been firmly anchored in the corporate culture from the very beginning. As the world's leading manufacturer of productive software solutions and modern services in the age of intelligent cloud and intelligent edge, as well as a developer of innovative hardware, Microsoft sees itself as a partner to its customers to help them benefit from the digital transformation. Security and data protection have top priority when developing solutions. As the world's largest contributor, Microsoft is driving open source technology through its leading developer platform GitHub. With LinkedIn, the largest career network, Microsoft promotes professional networking worldwide.