Windows PC users, Microsoft has released an important security update for you
Microsoft has confirmed 132 security vulnerabilities affecting various Windows products. Six of these are currently being exploited, and thirty-seven are remote code execution vulnerabilities. Of the thirty-seven, only nine were deemed ‘Critical’ by Microsoft. One of these zero-day vulnerabilities is related to remote code execution within Microsoft Office and Windows HTML.
A patch has been released for these 132 security vulnerabilities. However, one of the RCE flaws remains unpatched and is being exploited in various cyberattacks that multiple cybersecurity firms have observed.
According to Microsoft, the exploitation of this vulnerability has been attributed to a Russian cybercrime group called RomCom, which is believed to have ties to Russian intelligence. Security researchers caution that RomCom has been known to carry out ransomware attacks against various targets.
Several zero-day vulnerabilities are being actively exploited on Windows systems. These include CVE-2023-32046, which affects the MSHTML component and can allow attackers to execute code. Another vulnerability affects the Windows Error Reporting service and can grant admin privileges. Finally, CVE-2023-32049 impacts the SmartScreen feature and can bypass it.
Reports have surfaced regarding a series of remote code execution vulnerabilities affecting Microsoft’s Windows and Office products. Microsoft is currently investigating these reports, as there have been targeted attacks using specially-crafted Microsoft Office documents to exploit these vulnerabilities.
The CVE-2023-36884 is still unpatched, according to Microsoft, but they assure customers that they will take appropriate action to protect them once the investigation is complete. It is likely that Microsoft will release an out-of-band security update instead of waiting until next month’s Patch Tuesday rollout to address this actively exploited zero-day vulnerability.
For the time being, Microsoft suggests that users refer to a threat intelligence blog post to learn about possible workarounds and mitigations.
It is highly advised for Windows users to install the updates as soon as possible due to the high number of addressed vulnerabilities, including multiple zero-day ones
FacebookTwitterLinkedin
end of article
Microsoft has confirmed 132 security vulnerabilities affecting various Windows products. Six of these are currently being exploited, and thirty-seven are remote code execution vulnerabilities. Of the thirty-seven, only nine were deemed ‘Critical’ by Microsoft. One of these zero-day vulnerabilities is related to remote code execution within Microsoft Office and Windows HTML.
A patch has been released for these 132 security vulnerabilities. However, one of the RCE flaws remains unpatched and is being exploited in various cyberattacks that multiple cybersecurity firms have observed.
According to Microsoft, the exploitation of this vulnerability has been attributed to a Russian cybercrime group called RomCom, which is believed to have ties to Russian intelligence. Security researchers caution that RomCom has been known to carry out ransomware attacks against various targets.
Several zero-day vulnerabilities are being actively exploited on Windows systems. These include CVE-2023-32046, which affects the MSHTML component and can allow attackers to execute code. Another vulnerability affects the Windows Error Reporting service and can grant admin privileges. Finally, CVE-2023-32049 impacts the SmartScreen feature and can bypass it.
Reports have surfaced regarding a series of remote code execution vulnerabilities affecting Microsoft’s Windows and Office products. Microsoft is currently investigating these reports, as there have been targeted attacks using specially-crafted Microsoft Office documents to exploit these vulnerabilities.
The CVE-2023-36884 is still unpatched, according to Microsoft, but they assure customers that they will take appropriate action to protect them once the investigation is complete. It is likely that Microsoft will release an out-of-band security update instead of waiting until next month’s Patch Tuesday rollout to address this actively exploited zero-day vulnerability.
For the time being, Microsoft suggests that users refer to a threat intelligence blog post to learn about possible workarounds and mitigations.
It is highly advised for Windows users to install the updates as soon as possible due to the high number of addressed vulnerabilities, including multiple zero-day ones
FacebookTwitterLinkedin
end of article
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.