Patchday: Attackers bypass Windows protection mechanism

Attackers are currently attacking Windows and compromising systems with malicious code. The vulnerability has been known since last month, but a security update is only available now. Microsoft has also released other important patches, including for Azure, Edge and SharePoint Server.


The exploited vulnerability (CVE-2023-36884, rated "high") affects Windows Search. It is currently unknown how widespread the attacks are. On patch day in July, it appeared in the context of Office. For an attack to succeed, however, victims must play along, for example by clicking on a link prepared by attackers in a chat or email.

When this happens, the Mark of the Web (MOTW) protection mechanism is bypassed. MOTW ensures that files downloaded from the Internet are marked as such and, for example, are opened in Protected View in Office, which blocks the execution of macros. Without MOTW, malicious code can get onto systems once a manipulated document is opened. Macros are a very popular distribution route for ransomware trojans.
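Windows records the Mark of the Web in the NTFS alternate data stream "Zone.Identifier" of a downloaded file. The following PowerShell audit script is an added example (not from the article) that lists which files in a download folder carry that mark and which do not; the default folder path and the list of file extensions are assumptions chosen for this example.

```powershell
# Added example: report files in a folder that lack the Mark of the Web.
# MOTW lives in the "Zone.Identifier" alternate data stream and looks like an
# INI block: [ZoneTransfer] / ZoneId=3 / HostUrl=... (3 = Internet, 4 = Restricted).
# Assumption: the default path and extension list are placeholders for this example.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string[]]$Extensions = @('.docx', '.docm', '.xlsx', '.xlsm', '.pptx', '.rtf', '.lnk', '.iso')
)

# Human-readable names of the URL security zones used in Zone.Identifier.
$ZoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

function Get-MotwStatus {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    # Get-Item -Stream returns nothing (with SilentlyContinue) when the stream is absent.
    $stream = Get-Item -LiteralPath $File.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) {
        return [pscustomobject]@{ File = $File.FullName; HasMotw = $false; Zone = $null; HostUrl = $null }
    }

    # Parse ZoneId and (if present) the download source out of the stream text.
    $text = Get-Content -LiteralPath $File.FullName -Stream Zone.Identifier -Raw
    $zoneId  = if ($text -match 'ZoneId=(\d+)') { [int]$Matches[1] } else { $null }
    $hostUrl = if ($text -match 'HostUrl=(\S+)') { $Matches[1] } else { $null }
    $zoneName = if ($null -ne $zoneId -and $ZoneNames.ContainsKey($zoneId)) { $ZoneNames[$zoneId] } else { "Unknown($zoneId)" }

    return [pscustomobject]@{ File = $File.FullName; HasMotw = $true; Zone = $zoneName; HostUrl = $hostUrl }
}

$results = @(Get-ChildItem -LiteralPath $Path -File -Recurse |
    Where-Object { $Extensions -contains $_.Extension.ToLower() } |
    ForEach-Object { Get-MotwStatus -File $_ })

# Downloaded Office documents without MOTW are the ones Protected View will not guard.
$results | Sort-Object HasMotw | Format-Table -AutoSize
$missing = @($results | Where-Object { -not $_.HasMotw }).Count
"{0} files checked, {1} without Mark of the Web" -f $results.Count, $missing
```

Files that were downloaded through a browser but show no Zone.Identifier stream, or that carry a ZoneId below 3, deserve a closer look, since Office will not open them in Protected View.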

Three vulnerabilities (CVE-2023-35385, CVE-2023-36910, CVE-2023-3691) in Microsoft's Message Queuing (MSMQ) network protocol are rated "critical". Attackers are said to be able to exploit them remotely without authentication in order to execute malicious code in the context of the protocol on a server. How an attack could proceed is not yet known.

Other malicious code vulnerabilities affect Teams (CVE-2023-29328 and CVE-2023-29330, both rated "high"). For such an attack, however, attackers have to get victims to join a Teams group they created.


Attackers can also target Exchange Server to gain higher user privileges or even execute malicious code. Office Visio is also vulnerable to malicious code attacks. On SharePoint servers, information leakage is possible.

Microsoft lists further information on the vulnerabilities closed on this patch day in its Security Update Guide.


(of)
