An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Microsoft deems this as “less likely exploitable.” Critical Vulnerability in the HTTP Protocol StackĬVE-2023-23392, a RCE vulnerability affecting the HTTP Protocol Stack in Windows 11 and Windows Server 2022, is rated as Critical. Actively exploited zero-day vulnerabilities patched in March 2023 Critical Vulnerabilities affecting Microsoft Products Critical Vulnerability affecting Remote Procedure Call (RPC)ĬVE-2023-21708, a RCE vulnerability affecting Remote Procedure Call (RPC) and rated as Critical, could result in remote code execution on the server side with the same permissions as the running RPC service itself. Windows SmartScreen Security Feature Bypass vulnerabilityįigure 3. Microsoft Outlook Elevation of Privilege vulnerability If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check.” Rank So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. Microsoft explained: “When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.ĬVE-2023-24880, rated as Moderate, is a vulnerability affecting Windows SmartScreen. An external attacker could send a specially crafted email that will cause a connection from the victim to an external location of the attackers’ control. Breakdown of product families affected by March 2023 Patch Tuesday Actively Exploited Zero-Day VulnerabilitiesĬVE-2023-23397, rated as Critical, is a vulnerability affecting Microsoft Outlook.
0 Comments
Leave a Reply. |