Security News > 2023 > March > Week in review: Public MS Word RCE PoC, API exploitation, Patch Tuesday forecast
Veeam Backup & Replication admins, get patching!Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible.
Fortinet plugs critical RCE hole in FortiOS, FortiProxyFortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.
PoC exploit for recently patched Microsoft Word RCE is publicA PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.
March 2023 Patch Tuesday forecast: It's not about luckEvery month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday.
Vulnerability in DJI drones may reveal pilot's locationSerious security vulnerabilities have been identified in multiple DJI drones.
Attackers exploit APIs faster than ever beforeAfter combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm.
News URL
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |
| 2023-02-14 | CVE-2023-21716 | Unspecified vulnerability in Microsoft products Microsoft Word Remote Code Execution Vulnerability | 9.8 |