Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.

The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest. Microsoft said it has seen evidence that attackers are exploiting this flaw, which can be done without any user interaction by sending a booby-trapped email that triggers automatically when retrieved by the email server - before the email is even viewed in the Preview Pane.

While CVE-2023-23397 is labeled as an “Elevation of Privilege” vulnerability, that label doesn’t accurately reflect its severity, said Kevin Breen, director of cyber threat research at Immersive Labs.

Known as an NTLM relay attack, it allows an attacker to get someone’s NTLM hash and use it in an attack commonly referred to as “Pass The Hash.”

“The vulnerability effectively lets the attacker authenticate as a trusted individual without having to know the person’s password,” Breen said. “This is on par with an attacker having a valid password with access to an organization’s systems.”

Security firm Rapid7 points out that this bug affects self-hosted versions of Outlook like Microsoft 365 Apps for Enterprise, but Microsoft-hosted online services like Microsoft 365 are not vulnerable.

The other zero-day flaw being actively exploited in the wild - CVE-2023-24880 - is a “Security Feature Bypass” in Windows SmartScreen, part of Microsoft’s slate of endpoint protection tools.

Patch management vendor Action1 notes that the exploit for this bug is low in complexity and requires no special privileges. But it does require some user interaction, and can’t be used to gain access to private information or privileges.
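The NTLM relay and Pass The Hash description above is the kind of activity a defender looks for in Windows Security logs after patching: a captured hash, when replayed, shows up as an NTLM network logon (Event ID 4624, LogonType 3) that Kerberos would normally have handled, often from a source address the organization does not own. The following triage script is an added example, not code from the article, Microsoft, Immersive Labs or Rapid7; the sample event records, the trusted address ranges and the flagging heuristic are all assumptions made for the demonstration, and the field names follow the real 4624 event schema.

```python
"""Triage helper for NTLM network logons (Windows Security event 4624).

Added example, not from the article or any vendor named in it. It scans
parsed Security-log records (a constructed sample is embedded below) and
flags NTLM network logons (LogonType 3) whose source IP is outside an
allowlist of assumed corporate ranges. That is one signal worth reviewing
when an NTLM hash may have been captured and relayed; it is a heuristic,
not proof of compromise.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict

# Constructed sample of parsed Event ID 4624 records. Field names follow the
# real 4624 schema; every value is made up for this demonstration.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "jsmith", "TargetDomainName": "CORP",
     "IpAddress": "10.0.5.23", "WorkstationName": "WS-0231"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "jsmith", "TargetDomainName": "CORP",
     "IpAddress": "10.0.5.23", "WorkstationName": "WS-0231"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "jsmith", "TargetDomainName": "CORP",
     "IpAddress": "203.0.113.77", "WorkstationName": "-"},
    {"EventID": 4624, "LogonType": 2, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "admin", "TargetDomainName": "CORP",
     "IpAddress": "-", "WorkstationName": "DC01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "svc_backup", "TargetDomainName": "CORP",
     "IpAddress": "198.51.100.9", "WorkstationName": "UNKNOWN-PC"},
]

# Assumed corporate address space; anything outside it is treated as external.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]


def is_trusted_source(ip_text: str) -> bool:
    """True if the address parses and lies inside a trusted network.

    '-' or unparsable values count as untrusted so they are not silently
    dropped from review.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETWORKS)


def flag_suspicious_ntlm_logons(events: list[dict]) -> list[dict]:
    """Return NTLM network logons (4624 / LogonType 3) from untrusted sources."""
    flagged = []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue  # only network logons matter for a relayed hash
        if ev.get("AuthenticationPackageName") != "NTLM":
            continue  # Kerberos logons are out of scope for this check
        if is_trusted_source(ev.get("IpAddress", "-")):
            continue
        flagged.append({
            "user": f'{ev.get("TargetDomainName")}\\{ev.get("TargetUserName")}',
            "source_ip": ev.get("IpAddress"),
            "workstation": ev.get("WorkstationName"),
        })
    return flagged


def summarize_by_account(flagged: list[dict]) -> dict[str, int]:
    """Count flagged logons per account so the noisiest ones are reviewed first."""
    counts: dict[str, int] = defaultdict(int)
    for hit in flagged:
        counts[hit["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = flag_suspicious_ntlm_logons(SAMPLE_EVENTS)
    for h in hits:
        print(f'NTLM network logon for {h["user"]} from {h["source_ip"]} '
              f'(workstation {h["workstation"]})')
    print(summarize_by_account(hits))
```

On the constructed sample the script ignores the Kerberos logon and the interactive (LogonType 2) logon, passes the NTLM logon from the 10.0.0.0/8 range, and flags the two NTLM network logons from addresses outside the trusted ranges. In a real environment the allowlist would come from the organization's IP inventory, and hits would be correlated with the Outlook patch state of the affected users' machines rather than treated as conclusive on their own.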