Security News > 2023 > March > Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)

It's March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild by different threat actors.

"CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. No user interaction is required," Microsoft explained.

"Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages," Microsoft pointed out.

"Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe," the company said, and shared a script that organizations can use to check if they have been among the targets.

The in-the-wild exploitation of the vulnerability was reported to Microsoft by researchers Benoît Sevens and Vlad Stolyarov of the Google's Threat Analysis Group, which spotted it being exploited to deliver the Magniber ransomware.

They also noted that, in September and November 2022, threat actors used a similar SmartScreen bypass vulnerability to deliver the Magniber ransomware and the Qakbot infostealer, before the flaw was patched in December 2022.

News URL

https://www.helpnetsecurity.com/2023/03/14/cve-2023-23397-cve-2023-24880/