Microsoft has released a new patch that seeks to address dozens of security holes in its Windows operating systems as well as "zero day" vulnerabilities, marking potential risks to users and other entities.
The tech giant warned that these issues are already being exploited by nefarious individuals in active attacks. The zero-day threats said to be targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature.
Microsoft's New Patch
SmartScreen is a built-in Windows component that attempts to detect and block malicious websites and files. Microsoft's security advisory for this particular flaw said that attackers could exploit it by getting a Windows user to click on a booby-trapped link to a shortcut file.
The senior director of threat research at Immersive Labs, Kevin Breen, said that emails with .url attachments or logs with processes spawning from .url files should be a "high priority" for those who are hunting threats. This is given the active exploitation of this particular vulnerability in the wild, as per Krebs on Security.
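Breen's hunting advice can be turned into a simple check. The following is an added example, not code from the article or any vendor: it flags .url email attachments and process events whose own or parent command line names a .url file. The log field names and all sample data are assumptions constructed for illustration.

```python
import json
import re
from email import message_from_string

# A token ending in ".url" (any case), e.g. C:\Users\a\Downloads\x.url
URL_FILE = re.compile(r"""[^\s"']+\.url(?=["'\s]|$)""", re.IGNORECASE)

def url_attachments(raw_email):
    """Return attachment filenames that end in .url."""
    msg = message_from_string(raw_email)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and n.lower().endswith(".url")]

def url_spawned_processes(log_lines):
    """Return (image, .url path) for events whose own or parent command line names a .url file."""
    hits = []
    for line in log_lines:
        event = json.loads(line)
        for field in ("command_line", "parent_command_line"):
            match = URL_FILE.search(event.get(field, ""))
            if match:
                hits.append((event.get("image", "?"), match.group(0)))
                break
    return hits

# Constructed sample email (not from a real incident).
SAMPLE_EMAIL = """\
From: billing@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_2023.URL"

placeholder body
--b1--
"""

# Constructed process-creation events; field names are assumptions.
SAMPLE_LOG = [json.dumps(e) for e in (
    {"image": "notepad.exe", "command_line": r"notepad.exe C:\Users\a\notes.txt"},
    {"image": "example-child.exe", "command_line": "example-child.exe",
     "parent_command_line": r'"C:\Users\a\Downloads\Invoice_2023.url"'},
    {"image": "curl.exe", "command_line": "curl.exe https://example.com/?q=a.urlencoded"},
)]
```

Map the assumed field names to whatever your EDR or process-creation logging actually emits before running this over real data.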
The second zero-day that was identified this month is CVE-2023-36033, which is a vulnerability in the "DWM Core Library" in Microsoft Windows. It was exploited in the wild as a zero-day and publicly disclosed prior to patches being available.
It is said to affect Microsoft Windows 10 and later versions as well as Microsoft Windows Server 2019 and subsequent versions. The president and co-founder of the security firm Action1, Mike Walters, said that this vulnerability can be exploited locally with low complexity and without the need for high-level privileges or user interaction.
He added that attackers who are exploiting this particular flaw could gain SYSTEM privileges, which makes it an efficient method for escalating privileges, especially after gaining initial access through methods such as phishing.
Fixing Bugs and Exploits
While the new Microsoft patch was able to fix 14 remote code execution (RCE) bugs, the company only rated one as critical. Three critical flaws were also fixed: an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw, according to Bleeping Computer.
The total 58 flaws that were addressed in the recent patch did not include five Mariner security updates and 20 Microsoft Edge security updates that were released earlier this month. On top of the fixes, Microsoft also said that two other publicly disclosed zero-day bugs, CVE-2023-36413 and CVE-2023-36038, were addressed.
The manager of vulnerability and threat research at Qualys, Saeed Abbasi, said that the Windows Cloud Files Mini Filter Driver, which was among the components affected by the flaws, is essential to the functioning of cloud-stored files on Windows systems.
He noted that the widespread presence of this particular driver in nearly all Windows versions raises the risk and provides a broad attack surface. Abbasi said that it is currently under active attack and poses a significant risk, especially when it is paired with a code execution bug, according to DarkReading.