By using this site, you agree to the Privacy Policy and Terms of Use.
Accept

News Junction

Notification Show More
Font ResizerAa
  • Home
  • World News
    World NewsShow More
    Zelenskyy agrees to meet Putin
    Zelenskyy agrees to meet Putin
    May 12, 2025
    Pope Leo calls for end to polarising ‘war of words’ in address to media | World News
    Pope Leo calls for end to polarising ‘war of words’ in address to media | World News
    May 12, 2025
    Assessing Putin and the ‘Axis of Authoritarians’
    Assessing Putin and the ‘Axis of Authoritarians’
    May 12, 2025
    Kurdish PKK to disband, potentially ending decades of conflict in Turkiye | News
    Kurdish PKK to disband, potentially ending decades of conflict in Turkiye | News
    May 12, 2025
    Trump announces gesture of ‘good faith’ by Hamas — RT World News
    Trump announces gesture of ‘good faith’ by Hamas — RT World News
    May 12, 2025
  • Business
    BusinessShow More
    Ukraine blows up bridges to consolidate its positions in Russia
    Ukraine blows up bridges to consolidate its positions in Russia
    August 18, 2024
    Commentary: AI phones from Google and Apple will erode trust in everything
    Commentary: AI phones from Google and Apple will erode trust in everything
    August 18, 2024
    The most famous Indian Dishes – Insights Success
    The most famous Indian Dishes – Insights Success
    August 18, 2024
    Life on the road as a female long rides cyclist
    Life on the road as a female long rides cyclist
    August 18, 2024
    UK inflation rises to 2.2%
    UK inflation rises to 2.2%
    August 18, 2024
  • Cryptocurrency
    CryptocurrencyShow More
    Cardano bulls set eyes on  as institutional adoption grows amid BTC integration
    Cardano bulls set eyes on $1 as institutional adoption grows amid BTC integration
    May 12, 2025
    Sonic Labs Announces M Token Sale to Galaxy for U.S. Expansion
    Sonic Labs Announces $10M Token Sale to Galaxy for U.S. Expansion
    May 12, 2025
    นักวิเคราะห์ลั่นอย่าพลาด Dogecoin จะเด้งแบบพาราโบลาสัปดาห์หน้า!
    นักวิเคราะห์ลั่นอย่าพลาด Dogecoin จะเด้งแบบพาราโบลาสัปดาห์หน้า!
    May 12, 2025
    Zcash (ZEC) Tops Key Supply Zone. What Next for the Privacy-Focused Token?
    Zcash (ZEC) Tops Key Supply Zone. What Next for the Privacy-Focused Token?
    May 12, 2025
    BTC, ETH, XRP, BNB, SOL, ADA, DOGE, PI, LEO, LINK
    BTC, ETH, XRP, BNB, SOL, ADA, DOGE, PI, LEO, LINK
    May 12, 2025
  • Technology
    TechnologyShow More
    How to Improve Your Spotify Recommendations
    How to Improve Your Spotify Recommendations
    August 18, 2024
    X says it’s closing operations in Brazil
    X says it’s closing operations in Brazil
    August 18, 2024
    Supermoon set to rise: Top tips for amateur photographers | Science & Tech News
    Supermoon set to rise: Top tips for amateur photographers | Science & Tech News
    August 18, 2024
    Scientists Want to See Videos of Your Cat for a New Study
    Scientists Want to See Videos of Your Cat for a New Study
    August 18, 2024
    OpenAI’s new voice mode let me talk with my phone, not to it
    OpenAI’s new voice mode let me talk with my phone, not to it
    August 18, 2024
  • Entertainment
  • Sports News
  • People
  • Trend
Reading: Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Share
Font ResizerAa

News Junction

  • World News
  • Business
  • Technology
  • Cryptocurrency
  • Trend
  • Entertainment
Search
  • Recent Headlines in Entertainment, World News, and Cryptocurrency – NewsJunction
  • World News
  • Business
  • Cryptocurrency
  • Technology
  • Entertainment
  • Sports News
  • People
  • Trend
Have an existing account? Sign In
Follow US
News Junction > Blog > Technology > Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Technology

Microsoft addresses Office vulnerability attacked by Russian spooks in latest update

Published August 9, 2023
Share
5 Min Read
SHARE

Amid the ongoing Black Hat USA and DEF CON cyber jamborees, Microsoft has addressed a little over 70 vulnerabilities in its August Patch Tuesday update, including two zero-days already being exploited, more than 20 remote code execution (RCE) flaws, and six critical bugs.

Of the two zero-days fixes, the first comes in the form of a Defense in Depth Update for Microsoft Office, tagged as ADV23003.

This is a set of mitigations that supposedly breaks the exploit chain used by threat actors to target CVE-2023-36884, an RCE vuln in Microsoft Office which was disclosed in the July update without a fix, and is known to have been exploited by a threat actor linked to Russian intelligence agencies.

Separately, patches for the multiple products affected by this vulnerability are now available and should be applied.

Chris Goett, vice-president of security products at Ivanti, explained the significance of the ADV23303 release. “Microsoft updated the affected products listed in CVE-2023-36884 removing the Office products originally listed in the CVE,” he said.

“The Office products listed in ADV230003 are not directly vulnerable, but can be used in an attack chain to exploit CVE-2023-36884. Microsoft has clarified the changes in the Office updates were a Defense in Depth measure.

“Microsoft recommends applying the Office updates discussed in the advisory in addition to the August Windows OS updates,” he added.

The second zero-day is tracked as CVE-2023-38180, a denial of service vulnerability in .NET and Visual Studio. It is considered to be of low complexity and requires no special privileges or user interaction to exploit.

Nikolas Cemerikic, cyber security engineer at Immersive Labs, explained the scope of the vulnerability.

“A denial of service (DoS) attack involves overrunning it with an excessive volume of requests, which exhausts its available resources, such as processing power, memory, or network bandwidth. Consequently, the application becomes incapable of fulfilling legitimate user requests, limiting its normal functionality,” he said.

“If an attacker, who was suitably positioned on the network exploited this vulnerability, it would cause the Visual Studio application or applications on the same system, which are dependent on the .NET framework to become unavailable.

“Although the attacker would need to be on the same network as the target system, this vulnerability specifically does not require the attacker to have acquired user privileges,” added Cemerikic.

“According to the CVE details code maturity has reached proof-of-concept and it is confirmed to be exploited in the wild,” Ivanti’s Goettl told Computer Weekly in emailed comments.

“The CVE is only rated as Important and the CVSS v3.1 score is 7.5, but taking a risk-based approach this should be treated as a higher priority this month.”

The six critical vulnerabilities this month are all RCE flaws, three within Microsoft Message Queuing – CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911; two within Microsoft Teams – CVE-2023-29328 and CVE-2023-29330; and one within Microsoft Outlook – CVE-2023-36895.

Dustin Childs of Trend Micro’s Zero Day Initiative said that the Microsoft Message Queueing bugs, of which there are several others less dramatic in their scope, were likely to see exploitation in short order as a number of PoCs are already circulating, while the Microsoft Teams vulnerabilities are worth paying attention to as both bear similarities to others that were demonstrated at the 2023 Pwn2Own event.

Also attracting attention this month are a series of six flaws in Microsoft Exchange Server, the most significant of which is CVE-2023-21709, an elevation of privilege (EoP) vulnerability. This is of low complexity and requires no special privileges or user interaction to exploit.

Tenable senior staff research engineer Satnam Narang said: “An unauthenticated attacker could exploit this vulnerability by conducting a brute-force attack against valid user accounts. Despite the high rating, the belief is that brute-force attacks won’t be successful against accounts with strong passwords. However, if weak passwords are in use, this would make brute-force attempts more successful.

“The remaining five vulnerabilities range from a spoofing flaw and multiple remote code execution bugs, though the most severe of the bunch also require credentials for a valid account,” he added.

#Microsoft #addresses #Office #vulnerability #attacked #Russian #spooks #latest #update

TAGGED:AddressesattackedlatestMicrosoftofficeRussianSpooksupdatevulnerability
Share This Article
Facebook Twitter Pinterest Whatsapp Whatsapp LinkedIn Email Copy Link Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Atlanta Falcons rookie Clark Phillips III carted off during practice with Miami Dolphins Atlanta Falcons rookie Clark Phillips III carted off during practice with Miami Dolphins
Next Article Intel Core i5-14600KF shows up on Geekbench with decent performance gains over the Core i5-13600KF Intel Core i5-14600KF shows up on Geekbench with decent performance gains over the Core i5-13600KF
- Advertisement -

Latest Post

Cardano bulls set eyes on  as institutional adoption grows amid BTC integration
Cardano bulls set eyes on $1 as institutional adoption grows amid BTC integration
Cryptocurrency
Zelenskyy agrees to meet Putin
Zelenskyy agrees to meet Putin
World News
Sonic Labs Announces M Token Sale to Galaxy for U.S. Expansion
Sonic Labs Announces $10M Token Sale to Galaxy for U.S. Expansion
Cryptocurrency
Pope Leo calls for end to polarising ‘war of words’ in address to media | World News
Pope Leo calls for end to polarising ‘war of words’ in address to media | World News
World News
นักวิเคราะห์ลั่นอย่าพลาด Dogecoin จะเด้งแบบพาราโบลาสัปดาห์หน้า!
นักวิเคราะห์ลั่นอย่าพลาด Dogecoin จะเด้งแบบพาราโบลาสัปดาห์หน้า!
Cryptocurrency
Assessing Putin and the ‘Axis of Authoritarians’
Assessing Putin and the ‘Axis of Authoritarians’
World News
- Advertisement -

You Might Also Like

Loki Season 2 Trailer: Kang, Chaos, and Pie
Technology

Loki Season 2 Trailer: Kang, Chaos, and Pie

July 31, 2023
AI’s environmental cost could outweigh sustainability benefits
Technology

AI’s environmental cost could outweigh sustainability benefits

June 14, 2024
Metaverse Development Marketplaces : creator store
Technology

Metaverse Development Marketplaces : creator store

January 27, 2024
There’s More Proof That Return to Office Is Pointless
Technology

There’s More Proof That Return to Office Is Pointless

January 31, 2024

About Us

NEWS JUNCTION (NewsJunction.xyz) Your trusted destination for global news. Stay informed with our timely and accurate reporting on diverse topics, including politics, technology, science, entertainment, sports, and more. Count on us for unbiased and reliable updates at your fingertips.

Quick Link

  • About
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • Contact

Top Categories

  • World News
  • Business
  • Technology
  • Entertainment
  • Cryptocurrency
  • Sports News
  • Trend
  • People

Subscribe

Subscribe to our newsletter to get our newest articles instantly!

    © 2023 News Junction.
    • Blog
    • Advertise
    • Contact
    Welcome Back!

    Sign in to your account

    Username or Email Address
    Password

    Lost your password?