Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released.
One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New Technology LAN Manager) relay attacks against other systems. The second allows attackers to bypass Microsoft SmartScreen, a technology built into Windows that performs checks on files downloaded from the internet through browsers.
NTLM hash-stealing flaw exploited by Russian state-sponsored APT
The Outlook vulnerability, tracked as CVE-2023-23397, is described by Microsoft as an elevation of privilege and is rated critical (9.8 out of 10 on the CVSS scale). Unlike remote code execution vulnerabilities, EoP vulnerabilities are rarely critical because they can’t typically be exploited remotely and the attacker already needs to have some lower privileges on the system.
More Stories
Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer
CrowdStrike warned it had observed a phishing campaign impersonating the firm’s recruitment process to lure victims into downloading cryptominer Read...
Slovakia Hit by Historic Cyber-Attack on Land Registry
A large-scale cyber-attack has targeted the information system of Slovakia’s land registry, impacting the management of land and property records...
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you
A Canadian man lost a $100,000 cryptocurrency fortune - all because he did a careless Google search. Read more in...
Medusind Breach Exposes Sensitive Patient Data
The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been...
Fake PoC Exploit Targets Security Researchers with Infostealer
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data...
Smashing Security podcast #399: Honey in hot water, and reset your devices
Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the...