Patchday: Attackers bypass Windows protection mechanism
Attackers are currently attacking Windows and compromising systems with malicious code. The vulnerability has been known for last month – but a security update is only available now. Microsoft has also released important patches, including for Azure, Edge and SharePoint Server.
Advertisement
Security barrier torn down
The exploited vulnerability (CVE-2023-36884 “high”) affects Windows Search. The extent of the attacks is not known at this time. It appeared in the context of Office on patch day in July. For an attack to be successful, however, victims must play along and click on a link prepared by attackers in a chat or email.
When this happens, the Mark of the Web (MOTW) protection mechanism is disabled. This ensures that files downloaded from the Internet are marked as such and are opened in protected mode in Office, for example. This procedure blocks the execution of macros, for example. Without MOTW, malicious code can enter systems after opening a manipulated document. The macro way is very popular for distribution of ransomware trojans.
Critical malicious code gaps
Three gaps (CVE-2023-35385, CVE-2023-36910, CVE-2023-3691) in Microsoft’s network protocol Message Queuing are considered “critical”. Attackers should be able to attack the vulnerability remotely without authentication in order to execute malicious code in the context of the protocol on a server. How an attack could proceed is not yet known.
Other malicious code vulnerabilities affect teams (CVE-2023-29328 “high”, CVE-2023-29330 “high”). But for such an attack, attackers have to get victims to join a Teams group they created.
Advertisement
Even more vulnerabilities
Attackers can also target Exchange Server and acquire higher user rights or even execute malicious code. Office Visio is also vulnerable to malicious code attacks. Leaking of information is possible on SharePoint servers.
Microsoft lists further information on security gaps closed on this patch day in its Security Update Guide.
(of the)
Home
#Patchday #Attackers #bypass #Windows #protection #mechanism
