Microsoft has launched program fixes to remediate 59 bugs spanning its product portfolio, such as two zero-day flaws that have been actively exploited by malicious cyber actors.
Of the 59 vulnerabilities, five are rated Critical, 55 are rated Crucial, and one particular is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based mostly Edge browser since last month’s Patch Tuesday edition, which also encompasses a deal with for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP impression format.
The two Microsoft vulnerabilities that have come under energetic exploitation in actual-entire world attacks are outlined underneath –
- CVE-2023-36761 (CVSS score: 6.2) – Microsoft Phrase Data Disclosure Vulnerability
- CVE-2023-36802 (CVSS rating: 7.8) – Microsoft Streaming Support Proxy Elevation of Privilege Vulnerability
“Exploiting this vulnerability could let the disclosure of NTLM hashes,” the Windows maker stated in an advisory about CVE-2023-36761, stating CVE-2023-36802 could be abused by an attacker to achieve Procedure privileges.
Exact information surrounding the nature of the exploitation or the id of the threat actors behind the assaults are now unknown.
“Exploitation of [CVE-2023-36761] is not just minimal to a probable target opening a malicious Term doc, as merely previewing the file can cause the exploit to bring about,” Satnam Narang, senior workers research engineer at Tenable, reported. Exploitation would let for the disclosure of New Technology LAN Supervisor (NTLM) hashes.”
“The initially was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release.”
Other vulnerabilities of note are numerous remote code execution flaws impacting Internet Connection Sharing (ICS), Visual Studio, 3D Builder, Azure DevOps Server, Windows MSHTML, and Microsoft Exchange Server and elevation of privilege issues in Windows Kernel, Windows GDI, Windows Widespread Log File System Driver, and Office environment, amongst other individuals.
Software program Patches from Other Distributors
Other than Microsoft, security updates have also been unveiled by other distributors in excess of the previous few months to rectify quite a few vulnerabilities, together with –
- Adobe
- Android
- Apache Tasks
- Apple
- Aruba Networks
- ASUS
- Cisco
- Citrix
- Dell
- Drupal
- F5
- GitLab
- Google Chrome
- Hitachi Vitality
- HP
- IBM
- Jenkins
- Juniper Networks
- Lenovo
- Linux distributions Debian, Oracle Linux, Pink Hat, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electric
- Mozilla Firefox, Firefox ESR, and Thunderbird
- NETGEAR
- Notepad++
- NVIDIA
- Qualcomm
- Samsung
- SAP
- Schneider Electric
- Siemens
- SolarWinds
- Splunk
- Spring Framework
- Synology
- TP-Hyperlink
- Development Micro
- Veeam
- VMware
- Zimbra, and
- Zoom
Identified this report attention-grabbing? Follow us on Twitter and LinkedIn to browse additional distinctive content we put up.
Some parts of this article are sourced from:
thehackernews.com