Security News > 2023 > March > Microsoft fixes two 0-days on Patch Tuesday – update now!
Last month, Microsoft dealt with three zero-days, by which we mean security holes that cybercriminals found first, and figured out how to abuse in real-life attacks before any patches were available.
Intriguingly for a bug that was discovered in the wild, albeit one reported rather blandly by Microsoft as Exploitation Detected, the Outlook flaw is jointly credited to CERT-UA, Microsoft Incident Response, and Microsoft Threat Intelligence.
An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.
External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control.
As Microsoft warns, an attacker who can time things right might be able to start authenticating to a genuine server as you, without knowing your password or its hash, just to get an 8-byte starting challenge from the real server.
In short, you definitely want to patch against this one, because even if the attack requires lots of tries, time and luck, and isn't terribly likely to work, we already know that it's a case of "Exploitation Detected".
News URL
https://nakedsecurity.sophos.com/2023/03/15/microsoft-fixes-two-0-days-on-patch-tuesday-update-now/
Related news
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- March 2024 Patch Tuesday forecast: A popular framework updated (source)
- Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast (source)
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- March Patch Tuesday sees Hyper-V join the guest-host escape club (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)