Tech & Startup

Microsoft patches 132 security vulnerabilities in latest Windows update

Windows update
Unfortunately, six zero-day flaws were actively exploited by hackers before the patch was released. One of them, CVE-2023-36884, was exploited by a Russian cybercriminal group known as Storm-0978.

Microsoft has recently patched a total of 132 security flaws in the latest Windows update. Out of them, nine were rated 'critical' and 121 were rated 'important' in terms of their severity when the patch was first released.

However, six were zero-day flaws that were actively exploited by hackers before the patch was released. According to Microsoft, one of these zero-day flaws, named CVE-2023-36884, was exploited by a Russian cybercriminal group known as Storm-0978, or RomCom. The hacker group, as per Microsoft's official blog, conducts extortion through ransomware and is speculated to be involved in political campaigns and covert intelligence operations. 

This particular security vulnerability included the execution of a remote code which reportedly targeted North American and European government entities. As per Microsoft, the attacker could create a specially crafted Microsoft Office document to execute this remote code. However, the attacker would still have to convince the victim to open the malicious document - or else the code execution wouldn't work.

The other five security flaws range from exploitations of various Windows security features, including that of Windows SmartScreen and Outlook. These flaws were exploited mostly via spam emails and malicious websites, allowing hackers to gain access to files and folders of the unsuspecting targets. 

Comments

Microsoft patches 132 security vulnerabilities in latest Windows update

Windows update
Unfortunately, six zero-day flaws were actively exploited by hackers before the patch was released. One of them, CVE-2023-36884, was exploited by a Russian cybercriminal group known as Storm-0978.

Microsoft has recently patched a total of 132 security flaws in the latest Windows update. Out of them, nine were rated 'critical' and 121 were rated 'important' in terms of their severity when the patch was first released.

However, six were zero-day flaws that were actively exploited by hackers before the patch was released. According to Microsoft, one of these zero-day flaws, named CVE-2023-36884, was exploited by a Russian cybercriminal group known as Storm-0978, or RomCom. The hacker group, as per Microsoft's official blog, conducts extortion through ransomware and is speculated to be involved in political campaigns and covert intelligence operations. 

This particular security vulnerability included the execution of a remote code which reportedly targeted North American and European government entities. As per Microsoft, the attacker could create a specially crafted Microsoft Office document to execute this remote code. However, the attacker would still have to convince the victim to open the malicious document - or else the code execution wouldn't work.

The other five security flaws range from exploitations of various Windows security features, including that of Windows SmartScreen and Outlook. These flaws were exploited mostly via spam emails and malicious websites, allowing hackers to gain access to files and folders of the unsuspecting targets. 

Comments