One of these zero-day vulnerabilities is of remote code executive (RCE) type, affecting Windows HTML and Microsoft Office. Microsoft has surprisingly not yet released a patch for CVE-2023-36884, opting instead to provide configuration mitigation methods, despite this being a Patch Tuesday rollout. Microsoft has connected the exploitation of this vulnerability to the Russian cybercrime group RomCom, which is suspected to be acting in the interests of Russian intelligence.
According to Rapid7 vulnerability risk management specialist Adam Barnett, the RomCom gang has also been linked to ransomware assaults that have been directed at a variety of targets. More such security experts are raising concerns given the number of vulnerabilities and the multiple zero-days that they are coming across, regarding which they are warning Windows users to adopt the updated versions promptly. The Microsoft Security Update Guide contains a comprehensive list of the vulnerabilities fixed by the most recent Patch Tuesday release. Security professionals have, however, drawn attention to some of the more crucial ones.
CVE-2023-36884
According to Microsoft, “investigating reports of a series of remote code e
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: