Security News > 2023 > March > Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It's March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild by different threat actors.
"CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. No user interaction is required," Microsoft explained.
"Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages," Microsoft pointed out.
"Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe," the company said, and shared a script that organizations can use to check if they have been among the targets.
The in-the-wild exploitation of the vulnerability was reported to Microsoft by researchers Benoît Sevens and Vlad Stolyarov of the Google's Threat Analysis Group, which spotted it being exploited to deliver the Magniber ransomware.
They also noted that, in September and November 2022, threat actors used a similar SmartScreen bypass vulnerability to deliver the Magniber ransomware and the Qakbot infostealer, before the flaw was patched in December 2022.
News URL
https://www.helpnetsecurity.com/2023/03/14/cve-2023-23397-cve-2023-24880/
Related news
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards (source)
- Microsoft announces Zero Day Quest hacking event with big rewards (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Cleo patches zero-day exploited by ransomware gang (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |