A total of 132 security flaws affecting different Windows systems have been confirmed by Microsoft. Of them, six are being used right now, and 37 of them allow remote code execution. Only nine of the thirty-seven were rated “Critical” by Microsoft. One of these zero-day flaws affects Windows HTML and Microsoft Office and allows for remote code execution.
For these 132 security flaws, a patch has been made available. However, one of the RCE issues is still unpatched and is being used in a variety of cyberattacks, as noted by numerous cybersecurity firms.
A Russian cybercriminal organization dubbed RomCom, which is thought to have connections to Russian intelligence, has been blamed by Microsoft for exploiting this vulnerability. Security experts advise caution because RomCom has a history of attacking a variety of targets with ransomware.
On Windows platforms, a number of zero-day vulnerabilities are now being aggressively exploited. One of these is CVE-2023-32046, which affects the MSHTML component and enables code execution by attackers. Another flaw, which might allow admin rights, affects the Windows Error Reporting service. Last but not least, CVE-2023-32049 affects and circumvents the SmartScreen functionality.
A number of remote code execution flaws affecting Microsoft’s Windows and Office programs have been reported. As a result of targeted assaults utilizing specifically created Microsoft Office documents to exploit these vulnerabilities, Microsoft is now looking into these reports.
According to Microsoft, the CVE-2023-36884 is still not patched, but they guarantee their clients that soon the inquiry is over, they will take the necessary steps to secure them. Instead of delaying the patching of this extensively exploited zero-day vulnerability until next month’s Patch Tuesday rollout, Microsoft is probably going to issue an out-of-band security fix.
Microsoft advises customers to read a threat intelligence blog post in order to learn about potential workarounds and mitigations for the time being.
Windows users are strongly encouraged to install the updates as soon as possible due to the large number of vulnerabilities that have been fixed, including numerous zero-day ones.
Check out TechOnTips.com for the most recent news, tech news, breaking news headlines, and live updates.