Security News > 2023 > July > Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack

Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
2023-07-12 05:34

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild.

The Windows makers said it's aware of targeted attacks against defense and government entities in Europe and North America that attempt to exploit CVE-2023-36884 by using specially-crafted Microsoft Office document lures related to the Ukrainian World Congress, echoing the latest findings from BlackBerry.

"An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim," Microsoft said.

"The actor also deploys the Underground ransomware, which is closely related to the Industrial Spy ransomware first observed in the wild in May 2022," the Microsoft Threat Intelligence team explained.

It's not currently not clear how the other flaws are being exploited and how broadly those attacks are spread. But in light of active abuse, it's recommended that users move quickly to apply the updates to mitigate potential threats.

In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including -.


News URL

https://thehackernews.com/2023/07/microsoft-releases-patches-for-130.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-36884 Race Condition vulnerability in Microsoft products
Windows Search Remote Code Execution Vulnerability
network
high complexity
microsoft CWE-362
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774