Microsoft delivered a slew of software security updates on Tuesday and warned of two already-exploited zero-days haunting Windows OS users.
The Redmond, Wash., software giant announced fixes for at least 80 Windows flaws and drew particular attention to CVE-2023-23397, a critical issue in Microsoft Outlook that was exploited in a zero-day attack.
As is customary, Microsoft’s Security Response Center did not provide details or indicators of compromise (IOCs) to help defenders look for signs of compromise.
The company credited Ukraine’s CERT organization and its own MSTI threat intelligence team with the discovery, suggesting it was being used in advanced APT attacks in Europe.
“An attacker who successfully exploited this vulnerability could access a user’s Net-NTLMv2 hash and use it as the basis for an NTLM relay attack against another service to authenticate as the user,” Microsoft said in a barebones bulletin documenting the bug.
The company states that an attacker could exploit this vulnerability by sending a specially crafted email that triggers automatically when it is retrieved and processed by the email server.
“This could be exploited before the email is displayed in the preview pane,” Redmond added, pointing out that an external attacker could send a specially crafted email that causes a connection to an external UNC location under the attacker’s control.
“This exposes the victim’s Net-NTLMv2 hash to the attacker, who can then relay it to another service to authenticate as the victim,” the company warns.
Microsoft also flagged a second vulnerability, CVE-2023-24880, for urgent attention and warned that attackers continue to actively bypass its SmartScreen security feature.
The company has struggled to contain attackers who bypass the SmartScreen technology built into Microsoft Edge and the Windows operating system to protect users from phishing and socially engineered malware downloads.
The infamous Magniber ransomware operation has been observed exploiting the SmartScreen bypass technique, and Microsoft has made multiple attempts to mitigate this issue.
Separately, software maker Adobe also issued an urgent warning of a “very limited attack” exploiting a zero-day vulnerability in its Adobe ColdFusion web app development platform.
Adobe’s warning was embedded in a severity-rated advisory that contains patches for ColdFusion versions 2021 and 2018. No other details regarding the actual attacks were provided.