Patchday: Attackers attack Microsoft Word, among other things

Users of Microsoft software should ensure that applications are up to date. Otherwise, attackers can attack systems and, in the worst case, execute malicious code.

Advertisement

Ongoing attacks

Attackers are already exploiting a vulnerability in Word (CVE-2023-36761 “medium”). According to a warning from Microsoft, Word 2013 and Microsoft 365 Apps for Enterprise, among others, are at risk. The article does not reveal what an attack looks like in detail. Since attacks can be initiated in the preview window, it can be assumed that attackers have to slip a manipulated document to victims.

If an attack is successful, attackers should have access to NTLM hashes. Windows stores passwords in this cryptographic format. Equipped with this, pass-the-hash attacks are conceivable, which attackers can use to gain higher user rights. The extent of the attacks is currently unknown.

The second currently exploited vulnerability (CVE-2023-36802 “High”) affects Microsoft Streaming Service Proxy. The affected Windows versions can be found in a warning message. Attackers should be able to use the vulnerability to gain system rights. How such an attack occurs is currently unknown.

Even more gaps

Microsoft classifies vulnerabilities in Azure Kubernetes Service, Internet Connecting Sharing (ICS) and Visual Studio as “critical”. If attacks fail, malicious code will be executed, among other things. To do this, attackers have to trick victims into opening a crafted Visual Studio package file (including CVE-2023-36792). In the case of Azure Kubernetes Service, attackers can gain cluster admin rights (CVE-2023-29332).

Other vulnerabilities affect Exchange Server, SharePoint Server and various Windows components, among others. Details about all the gaps closed on this patch day can be found in Microsoft’s Security Update Guide

(of the)

To the home page
#Patchday #Attackers #attack #Microsoft #Word #among