Microsoft’s monthly patch day brings with it a warning of an as-yet-unpatched zero-day vulnerability in which Word documents are the attack vector.
In a blog post, Microsoft accused a Russian threat actor dubbed “Storm-0978” of using CVE-2023-36884 to try and install backdoors on target systems.
The group then conducts ransomware attacks, or uses their access for espionage, Microsoft said.
Infected Word files are detected by Windows Defender, the post said.
Other exploited bugs patched this month include:
- CVE-2023-35311, an Outlook security feature vulnerability
- CVE-2023-32046, an escalation of privilege exploitable by a crafted file in an email or on a website
- CVE-2023-32049, a security feature bypass vulnerability with Windows SmartScreen
- CVE-2023-36874, a local privilege escalation vulnerability
Critical vulnerabilities (with a CVSS score greater than 9) disclosed today include CVE-2023-32057, a vulnerability in Microsoft message queuing that results in remote code execution (RCE); CVE-2023-33150, a security feature bypass in Office; and CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367, a trio of RCE vulnerabilities in the Windows routing and remote access service.
The SANS Institute’s Patch Tuesday roundup states there are a total of 132 fixes released by Microsoft today.
