Thursday, 16 March 2023

2 Zero day fixed in March 2023 (CVE-2023-23397 & CVE-2023-23401)

Microsoft has released an important security update for Outlook and Windows SmartScreen as part of its March 2023 Patch Tuesday. The update fixes two critical vulnerabilities that are being actively exploited by cybercriminals.

The first vulnerability (CVE-2023-23397) affects all supported versions of Microsoft Outlook for Windows. It allows attackers to use specially crafted email messages or calendar invitations to steal your login credentials without even knowing your password. The attack works by exploiting a flaw in how Outlook handles HTML content embedded in emails or invitations. By sending you a malicious email or invitation, an attacker can trick Outlook into sending your credentials to a remote server controlled by them.

The second vulnerability (CVE-2023-23401) affects Windows SmartScreen, a feature that helps protect you from malicious websites and downloads. It allows attackers to bypass SmartScreen's security checks and execute arbitrary code on your computer. The attack works by exploiting a flaw in how SmartScreen handles certain file types that can be downloaded from the internet. By convincing you to download and open a malicious file, an attacker can run any code they want on your computer.

Both vulnerabilities are rated as critical by Microsoft and have been exploited in the wild by unknown threat actors. Therefore, it is highly recommended that you update your Outlook and Windows SmartScreen as soon as possible to protect yourself from these attacks.

You need to update your Outlook and Windows SmartScreen as soon as possible but in the short term Consider blocking outbound network traffic to TCP port 445 if you can. If you don’t need to authenticate to external servers (or you can create a definitive allow list of servers that you need to access, and block all others), then preventing server connection traffic is a sensible precaution anyway. (Microsoft lists this as an official mitigation.)

Remember to always keep your software up to date and avoid opening suspicious emails or files from unknown sources. Stay safe online!

No comments:

Post a Comment