Microsoft on Tuesday released a large batch of software security updates, including fixes for two previously exploited zero-days affecting Windows OS users. The first, CVE-2023-23397, is a critical-severity issue in Microsoft Outlook. Microsoft warned that an attacker could exploit this vulnerability by sending a specially crafted email that triggers automatically when it is retrieved, leading to a connection from the victim to an external UNC location under the attackers’ control. The second, CVE-2023-24880, is a vulnerability that attackers are using to bypass Microsoft’s SmartScreen security feature in order to deliver malware. Adobe also issued an urgent warning about “very limited attacks” exploiting a zero-day vulnerability in its Adobe ColdFusion web app development platform.
Tuesday’s patch release highlights the continuing threats facing Windows OS users and the importance of staying up to date with security patches. Microsoft and other software makers are also encouraging users to use two-factor authentication and other security controls to help protect against malicious activity. It is also important to watch for suspicious emails, as they could contain malicious links or attachments that could lead to exploitation.
In summary, Microsoft released a large batch of software security updates on Tuesday, including fixes for two previously exploited zero-days affecting Windows OS users. Microsoft warned of an attack through a specially crafted email and an attack that bypasses the SmartScreen security feature in order to deliver malware. Adobe also issued an urgent warning about “very limited attacks” exploiting a zero-day vulnerability in its Adobe ColdFusion web app development platform. It is essential for users to stay up to date with security patches and be aware of suspicious emails.