It’s Patch Tuesday again. Microsoft is addressing fewer individual vulnerabilities this month than last, but there’s still plenty to keep admins and defenders occupied.
Three zero-day vulnerabilities are vying for your attention today: a lone Microsoft Publisher vulnerability as well as a couple affecting Windows itself. None is marked as publicly disclosed, but Microsoft has already observed in-the-wild exploitation of all three.
One zero-day vulnerability is a Security Features Bypass vulnerability in Microsoft Publisher. Successful exploitation of CVE-2023-21715 allows an attacker to bypass Office macro defenses using a specially-crafted document and run code which would otherwise be blocked by policy. Only Publisher installations delivered as part of Microsoft 365 Apps for Enterprise are listed as affected.
CVE-2023-23376 describes a vulnerability in the Windows Common Log File System Driver which allows Local Privilege Escalation (LPE) to SYSTEM. Although Microsoft isn’t necessarily aware of mature exploit code at time of publication, this is worth patching at the first opportunity, since it affects essentially all current Windows hosts.
CVE-2023-21823 is described as a Remote Code Execution (RCE) vulnerability in Windows Graphics Component, but has Attack Vector listed as Local. This apparent inconsistency is often accompanied with a clarification like: “The word Remote in the title refers to the location of the attacker. [...] The attack itself is carried out locally.” No such clarification is available in this case, but this is likely applicable here also. Microsoft also notes the existence of mature exploit code.
Microsof ..
Support the originator by clicking the read the rest link below.
