12 Jul, 2023

Microsoft Releases Security Patches for 132 Vulnerabilities, 6 of which are under Active Attack

Microsoft on Tuesday released updates to fix a total of 132 new vulnerabilities covering its software. Among these vulnerabilities are six zero-day vulnerabilities that are stated to be used in active attacks. Nine of the 130 vulnerabilities were rated as "Critical", while 121 were classified as "Important". This adds to the eight vulnerabilities that the tech giant fixed in the Chromium-based Edge browser late last month.

The list of actively hacked issues is as follows:

  • CVE-2023-32046 (CVSS score: 7.8) – Windows MSHTML Platform Elevation Vulnerability
  • CVE-2023-32049 (CVSS score: 8.8) – Windows SmartScreen Security Feature Bypass Vulnerability
  • CVE-2023-35311 (CVSS score: 8.8) – Microsoft Outlook Security Feature Bypass Vulnerability
  • CVE-2023-36874 (CVSS score: 7.8) – Windows Bug Reporting Service Elevation Vulnerability
  • CVE-2023-36884 (CVSS score: 8.3) – Office and Windows HTML Remote Code Execution Vulnerability (Also a publicly known vulnerability at time of release)
  • ADV230001 – Abuse of Microsoft signed drivers for subsequent attack activities (no CVE assigned)

The Windows manufacturer said it was aware of targeted attacks against defense and government agencies in Europe and North America using custom-built Microsoft Office document traps that implicated CVE-2023-36884. This is a case that echoes BlackBerry's latest findings. “An attacker could create a specially created Microsoft Office document that allows remote code execution in the context of the victim,” Microsoft said in its statement. “However, the attacker must convince the victim to open the malicious file.”

The company reported the attack to a Russian-based cybercriminal group, which it tracks as Storm-0978, also known as RomCom, Tropical Scorpius, UNC2596 and Void Rabisu. “The attacker also distributes Underground ransomware, which is closely related to Industrial Spyware first observed in the field in May 2022,” the Microsoft Threat Intelligence team explained. “The last campaign of the attacker, detected in June 2023, was about delivering a backdoor with similarities to RomCom by abusing CVE-2023-36884.”

The latest phishing attacks by this attacker have been with the use of a remote access trojan called RomCom RAT against various Ukrainian and pro-Ukrainian targets in Eastern Europe and North America. While RomCom was originally identified as a group associated with Cuban ransomware, as of July 2023 it has been identified as being linked to a new variant called Industrial Espionage and Underground, and it shows considerable source code similarity to these software. Microsoft has stated that it intends to "take appropriate action" to protect its customers, either through an "emergency update" or a monthly security update process. In the absence of a patch for CVE-2023-36884, the company advises users to use the attack surface reduction (ASR) rule "Prevent all Office applications from creating child processes".

In addition, Redmond noted that by exploiting the Windows policy vulnerability, it revoked code-signing certificates used to sign and install malicious kernel-mode drivers on compromised systems using open-source tools such as HookSignTool and FuckCertVerifyTimeValidity to change the signing date of prehistoric drivers before July 29, 2015. These findings show that rogue kernel-mode drivers are becoming popular with threat actors because it is possible to ensure long-term persistence when running on Windows at the highest privilege level, while simultaneously preventing detection by blocking security software from running. Software Updates from Other Software Vendors In addition to Microsoft, security updates have also been released to fix various vulnerabilities by many other vendors over the past few weeks. These suppliers include Adobe, AMD, Android, Apache Projects, Apple (later withdrawn), Aruba Networks, Cisco, Citrix, CODESYS, Dell, Drupal, F5, Fortinet, GitLab, Google Chrome, Hitachi Energy, HP, IBM, Juniper Linux distributions such as Networks, Lenovo, Debian, Oracle Linux, Red Hat, SUSE and Ubuntu, MediaTek, Mitsubishi Electric, Mozilla Firefox, Firefox ESR and Thunderbird, NETGEAR, NVIDIA, Progress MOVEit Transfer, Qualcomm, Samsung, SAP, Schneider Electric, Siemens , Synology, VMware, Zoom, and Zyxel.


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
Microsoft has released an update to close 132 vulnerabilities. 6 zero-day exploits were used in active attacks. Nine of the vulnerabilities were rated as "critical". Details are in our content.
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram