Week in review: Public MS Word RCE PoC, API exploitation, Patch Tuesday forecast
2023-03-12 09:30

Veeam Backup & Replication admins, get patching!
Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customers to implement the fix as soon as possible.

Fortinet plugs critical RCE hole in FortiOS, FortiProxy
Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.

PoC exploit for recently patched Microsoft Word RCE is public
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.

March 2023 Patch Tuesday forecast: It's not about luck
Every month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday.

Vulnerability in DJI drones may reveal pilot's location
Serious security vulnerabilities have been identified in multiple DJI drones.

Attackers exploit APIs faster than ever before
After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm.


News URL

https://www.helpnetsecurity.com/2023/03/12/week-in-review-public-ms-word-rce-poc-api-exploitation-patch-tuesday-forecast/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420. Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. (network, low complexity, veeam, CWE-306) | 7.5 |
| 2023-02-14 | CVE-2023-21716 | Unspecified vulnerability in Microsoft products. Microsoft Word Remote Code Execution Vulnerability. (network, low complexity, microsoft) | critical, 9.8 |