Check the lists for products you care about. From remote-code execution flaws in Microsoft Access and SharePoint Server (albeit requiring authentication), to various kernel-level privilege-elevation holes. In the case of the browser engine, tricking a mark into opening a specially crafted file – such as an email attachment, or a file embedded in a webpage – is enough to trigger exploitation.Īs for the others, there are scores of them. In both cases, clicking on a maliciously crafted URL will lead to the victim's PC being compromised.Īnd for the privilege escalation: CVE-2023-32046 in the MSHTML browser engine, and CVE-2023-36874 in the Windows Error Reporting Service. Let's start with the security bypasses: CVE-2023-32049 in Windows SmartScreens, and CVE-2023-35311 in Microsoft Outlook. The other four actively exploited issues do have patches available, and are conveniently divided into two categories: software security feature bypasses, and privilege escalation issues. To kill BlackLotus malware, patching is a good start, but.It's 2023 and memory overwrite bugs are not just a thing, they're still number one.You've patched right? '340K+ Fortinet firewalls' wide open to critical security bug.Microsoft puts out Outlook fire, says everything's fine with Teams malware flaw.As there is no fix yet, Redmond urged people to use some good old-fashioned attachment blocking. "Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents," the Windows giant said in its advisory.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |