Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It's March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild by different threat actors.
"CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. No user interaction is required," Microsoft explained.
"Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages," Microsoft pointed out.
"Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe," the company said, and shared a script that organizations can use to check if they have been among the targets.
The in-the-wild exploitation of CVE-2023-24880 was reported to Microsoft by researchers Benoît Sevens and Vlad Stolyarov of Google's Threat Analysis Group, which spotted it being exploited to deliver the Magniber ransomware.
They also noted that, in September and November 2022, threat actors used a similar SmartScreen bypass vulnerability to deliver the Magniber ransomware and the Qakbot infostealer, before the flaw was patched in December 2022.
News URL
https://www.helpnetsecurity.com/2023/03/14/cve-2023-23397-cve-2023-24880/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft 365 Apps, Office and Outlook; Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |