Security News > 2023 > March > Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It's March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild by different threat actors.
"CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. No user interaction is required," Microsoft explained.
"Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages," Microsoft pointed out.
"Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe," the company said, and shared a script that organizations can use to check if they have been among the targets.
The in-the-wild exploitation of the vulnerability was reported to Microsoft by researchers Benoît Sevens and Vlad Stolyarov of the Google's Threat Analysis Group, which spotted it being exploited to deliver the Magniber ransomware.
They also noted that, in September and November 2022, threat actors used a similar SmartScreen bypass vulnerability to deliver the Magniber ransomware and the Qakbot infostealer, before the flaw was patched in December 2022.
News URL
https://www.helpnetsecurity.com/2023/03/14/cve-2023-23397-cve-2023-24880/
Related news
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’ (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft says more ransomware stopped before reaching encryption (source)
- Volkswagen monitoring data dump threat from 8Base ransomware crew (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |