Microsoft has issued a warning about a zero-day vulnerability in Outlook, which is being actively exploited by attackers. The company has released a security patch for the vulnerability, along with patches for 80 other security flaws in its products. The zero-day vulnerability could allow attackers to execute malicious code on a target system, potentially giving them access to sensitive data. Microsoft is urging users to update their systems as soon as possible to protect against these threats. In this article, we will take a closer look at the Outlook zero-day exploitation and the other security vulnerabilities that have been patched.
Microsoft released a substantial update containing security fixes for at least 80 Windows vulnerabilities on Tuesday, while alerting users of two zero-day issues that have been exploited. The company urged users to take notice of CVE-2023-23397, a critical vulnerability in Microsoft Outlook that has already been exploited in zero-day attacks, which exposed the user’s Net-NTLMv2 hash, susceptible to an NTLM Relay attack. Ukrainian CERT discovered this vulnerability and identified its use in advanced APT attacks in Europe. The other zero-day issue was CVE-2023-24880, which bypasses the SmartScreen security feature, and Magniber ransomware had frequently been using it. Adobe also issued a warning about limited exploitation of a zero-day vulnerability, CVE-2023-26360 in its Adobe ColdFusion web development platform.
In light of Microsoft’s latest announcement regarding the Outlook zero-day exploitation and patching of 80 security vulnerabilities, users should remain diligent in protecting their devices against cyber-attacks. With cybercriminals always on the lookout for vulnerabilities to exploit, it is important to keep your software up to date and exercise caution in opening emails or attachments from unknown sources. While Microsoft’s security updates provide a layer of protection, it is still important to implement your own antivirus and firewall measures to keep your data safe. Stay vigilant and proactive in your approach to cybersecurity to keep you and your devices secure.
